Re: [PHP] Alternate Colors in Rows

2007-10-03 Thread Jon Anderson

Steve Marquez wrote:

I am attempting to alternate the colors of the container DIV. Anyone know
how to do this? 


I've used variants of this:

<?php while ($condition): ?>
   <div style="background-color: #<?= ($i++%2) ? 'ff' : 'ee' ?>;">
<?php endwhile ?>

jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Secure Image Storage

2007-10-01 Thread Jon Anderson

Kevin Murphy wrote:

Hello all,

Following up with my success last week with putting downloadable files 
in a directory above the web root and then using a combination of 
fopen and stuff to download the file, I am now trying to do something 
similar with images.


However, what I am trying to do is to put an image file above the web 
root, then use PHP to display that image in the web page, and not 
download it. I have the feeling that this isn't possible (all 
solutions I've seen involve using header() function, which won't work 
since this is midway down the page), but I wanted to make sure. This 
will return the binary source of the file:


print file_get_contents($file_path);

but doesn't display the image. Is there any way to have this (or 
something else) generate the image?


What I get from the text above is that you're trying to actually display 
the image *inside* the HTML, which you can't do. You need to link to the 
image (which may be an image fetcher script), for example:


<img src="image.php?img=123456" />

And have a corresponding image.php script that does the header and 
binary output.


jon




Re: [PHP] Strategy for Secure File Storage

2007-09-24 Thread Jon Anderson

Kevin Murphy wrote:

I'm working on an intranet site that uses an LDAP server to 
authenticate users and then an integrated CMS (kind of like a wiki with 
security features so only certain people can post things or upload 
files) runs the whole thing. (The CMS is custom built with PHP).


I've got a need to make certain files secured so that if someone 
uploads a file they can specify that no one except certain people can 
view the file. I've got all the security features set up, what I need 
to do is come up with the best way of securing those files. Obviously 
the link won't show to those files if the user doesn't have access to 
it, but I'm worried that someone might know the link and be able to 
access the file that they are not supposed to be able to see.


This doesn't need to be NSA level security, but I do need to protect 
against some computer savvy users. So, I'm pondering the following 
ideas for hiding those files. Any insight on the best method would be 
appreciated:


1) Write secure files to MySQL as a blob (only secure files would be 
written there)


2) Write secure files to the level below the web root and come up with 
a way of copying the files over to a temporary directory for access, 
then delete the files as soon as they are accessed.


3) Use Unix passwords to protect a folder in the web level and then 
the CMS knows the password and can pass the password for access (so 
that the user doesn't know this password, but the CMS does).


4) Some various forms of link obfuscation, where the CMS goes through 
all the secure files once an hour or so and rewrites the file name 
with a random string.


5) Or  I'm open to suggestions. 



You can easily force all file access to pass through a PHP script - 
just do this kind of thing:


- Fetch file information from a get variable, like file.php?fileid=12345 
(or even file.php?filename=somefile.bin)
- Check if the user is allowed access to that file (yes: continue, no: 
display an error)


header("Content-Type: " . $file->getContentType());
readfile("/path/to/secure/" . $file->getFileName());

Then just make sure that the /path/to/secure/ (as in the example 
above) is not readable by web users by some means.


jon
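
Added example, not part of the original messages: a sketch of the file.php / image.php gateway described in this reply and in the Secure Image Storage reply above, covering the per-request access check and the path handling. The catalogue array (standing in for the CMS's file table), the session key `user` and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Storage directory outside the web root (path taken from the post).
const STORAGE_DIR = '/path/to/secure';

// Constructed stand-in for the CMS's file table: opaque ID => metadata.
// 'stored_as' is a server-chosen name; 'allowed' lists users who may read it.
function demo_catalog(): array
{
    return [
        12345  => ['stored_as' => 'a1b2c3.bin', 'name' => 'budget.pdf',
                   'type' => 'application/pdf', 'inline' => false,
                   'allowed' => ['alice']],
        123456 => ['stored_as' => 'd4e5f6.bin', 'name' => 'chart.png',
                   'type' => 'image/png', 'inline' => true,
                   'allowed' => ['alice', 'bob']],
    ];
}

// Decide what to do with one request. Returns [HTTP status, path, entry].
function resolve_download(array $catalog, string $baseDir, string $user, string $fileId): array
{
    // The request only ever supplies an ID; it never contributes to the path.
    if (!ctype_digit($fileId) || !isset($catalog[$fileId])) {
        return [404, null, null];
    }
    $entry = $catalog[$fileId];

    // Authorisation runs on every request, so knowing the link is not enough.
    if ($user === '' || !in_array($user, $entry['allowed'], true)) {
        return [403, null, null];
    }

    // Defence in depth: the resolved file must sit inside the storage directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $entry['stored_as']);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return [404, null, null];
    }
    return [200, $path, $entry];
}

// Send the header and binary output (or an error) for a resolved request.
function send_response(int $status, ?string $path, ?array $entry): void
{
    http_response_code($status);
    if ($status !== 200) {
        header('Content-Type: text/plain');
        echo $status === 403 ? "Access denied\n" : "Not found\n";
        return;
    }
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $entry['name']);
    header('Content-Type: ' . $entry['type']);
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    // Images are shown in the page (<img src=...>); other files are downloaded.
    header('Content-Disposition: ' . ($entry['inline'] ? 'inline' : 'attachment')
        . '; filename="' . $name . '"');
    readfile($path);
}

if (PHP_SAPI !== 'cli') {
    // Web use: file.php?fileid=12345 or image.php?img=123456
    session_start();
    $user = $_SESSION['user'] ?? '';   // assumption: set by the CMS after login
    $id   = $_GET['fileid'] ?? $_GET['img'] ?? '';
    [$status, $path, $entry] = resolve_download(
        demo_catalog(), STORAGE_DIR,
        is_string($user) ? $user : '', is_string($id) ? $id : ''
    );
    send_response($status, $path, $entry);
    exit;
}

// Command-line demo with constructed files and constructed requests.
$dir = sys_get_temp_dir() . '/secure_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/a1b2c3.bin", 'constructed pdf bytes');
file_put_contents("$dir/d4e5f6.bin", 'constructed png bytes');
$cases = [['alice', '12345'], ['bob', '12345'], ['bob', '123456'],
          ['', '123456'], ['alice', '../a1b2c3.bin'], ['alice', '99999']];
foreach ($cases as [$user, $id]) {
    [$status] = resolve_download(demo_catalog(), $dir, $user, $id);
    printf("%-6s %-14s -> %d\n", $user === '' ? '(anon)' : $user, $id, $status);
}
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

Run from the command line it prints the decision for each constructed request; served by the web server it answers `file.php?fileid=...` and `image.php?img=...` directly.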




Re: [PHP] PHP 5.2.3 - Segmentation fault (core dumped)

2007-09-12 Thread Jon Anderson

Per Jessen wrote:

Uh, how do you know it's to do with the version-number??  Did I miss that
posting?
  


Not necessarily to do with the version number itself - it's that PHP is 
dying before having actually done anything - it never gets to any PHP code.


From the first post - the last line of what I pasted below:

php -v:

PHP 5.2.3 with Suhosin-Patch 0.9.6.2 (cli) (built: Sep 12 2007 08:59:52)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
Segmentation fault (core dumped)


In my experience, the Suhosin patch (while excellent for security) 
caused significant instability in several modules. I ended up having to 
scrap it. (It may not have been the patch - it could easily have been 
several of the PECL modules we were using. Regardless, they didn't 
segfault without the Suhosin patch.)


If possible, you could try building without the patch.



Assuming your machine isn't overclocked and has been tested for hardware 
problems...


If the version of PHP you're using is a binary package, you should 
probably generate a backtrace from the core that was dumped and report 
it as a bug to the provider of that binary. The same goes if it was 
built as a FreeBSD port - they should probably know that their default 
port builds are segfaulting.


I think Stut's advice for troubleshooting is a good path to take as well.

jon




Re: [PHP] UTF-8 support

2007-08-03 Thread Jon Anderson

Naz Gassiep wrote:
The functions trim() and explode() appear to be munging multibyte 
UTF-8 strings. I can't find multibyte safe versions of them in the 
manual, do they exist, or do I have to make my own?


In what way are they munging the strings? I just tried with a bunch of 
UTF-8 characters pasted into a string, and it did exactly what I'd expect.


jon




Re: [PHP] Premature Ajax-ulation

2007-08-03 Thread Jon Anderson

Stut wrote:

Validation, validation, validation. The big danger with doing anything 
on the client-side is that it's all too easy to fall into blindly 
trusting what the client is giving you, even the smallest assumption 
can create a big hole in your app.


Don't assume events will happen the way you expect them to. Don't 
assume users won't be able to make requests just because your logic 
*should not* allow it.


In short, don't treat it any different to any other web application. 
There is no difference, you still need to do all the validation on 
every request whether it's AJAX or not. 



Beyond data validation, the thing that *really* bothers me about 
AJAX/JSON, etc is functions that can read or even modify data. Until 
recently, AJAX frameworks didn't do much verification on the source of 
the request, so if you happened to be logged in to some private/sensitive 
site, a 3rd party site in another tab/window could call your AJAX 
functions and glean whatever data from the responses, or even modify 
data. (e.g. ajax_getUsers(), or ajax_launchAllNukesNowNowNow()!)


I think all the major frameworks added protection against this, but 
home-brewed or out-of-date AJAX/JSON framework users beware!


jon
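
Added example, not part of the original message and not code from any AJAX framework: a check an AJAX endpoint can run before any read or write, so that a request carrying only the session cookie (the other-tab case described above) is refused. The header name `X-Ajax-Token`, the session keys and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Create (once per session) the secret that the site's own pages hand to
// their scripts, e.g. in a <meta> tag. $session mirrors $_SESSION.
function ajax_token(array &$session): string
{
    if (empty($session['ajax_token'])) {
        $session['ajax_token'] = bin2hex(random_bytes(32));
    }
    return $session['ajax_token'];
}

// Return null if the AJAX call may run, otherwise the reason it is refused.
// $server mirrors $_SERVER; $ownOrigin is this site's scheme://host.
function ajax_reject_reason(array $session, array $server, string $ownOrigin): ?string
{
    if (empty($session['user'])) {
        return 'not logged in';
    }
    // When the browser states where the request came from, it must be us.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $ownOrigin) {
        return 'cross-origin request';
    }
    // The session cookie is sent automatically, even from another tab's site;
    // the token is not, because that site cannot read our pages to learn it.
    $expected = $session['ajax_token'] ?? '';
    $sent     = $server['HTTP_X_AJAX_TOKEN'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        return 'missing or wrong token';
    }
    return null;
}

// Constructed demo: one logged-in session and four constructed requests.
$session = ['user' => 'alice'];
$token   = ajax_token($session);
$own     = 'https://intranet.example';
$requests = [
    'own page, token sent'    => ['HTTP_ORIGIN' => $own, 'HTTP_X_AJAX_TOKEN' => $token],
    'other site, cookie only' => ['HTTP_ORIGIN' => 'https://other.example'],
    'no Origin, no token'     => [],
    'own origin, stale token' => ['HTTP_ORIGIN' => $own,
                                  'HTTP_X_AJAX_TOKEN' => str_repeat('0', 64)],
];
foreach ($requests as $label => $server) {
    $reason = ajax_reject_reason($session, $server, $own);
    printf("%-26s %s\n", $label, $reason === null ? 'allowed' : "refused: $reason");
}
```

The same check applies to read-only calls as to calls that modify data, since both are named as concerns in the message.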




Re: [PHP] Strategy when working with designer(s)?

2007-07-23 Thread Jon Anderson

Steve Finkelstein wrote:
I was curious how do you folks who strictly do development and not 
designing, strategically work with a designer in this fashion? Do you 
have a skeleton you follow or preload some existing templates and then 
code around that? If there's even a book which focuses on such 
concepts, I'd be more than happy to purchase and read it. 


This is just my opinion. I have only ever worked with a limited set of 
professional designers...Your mileage may vary.


Having worked with a designer I very much respect for almost two years 
now, my only real suggestion is to make sure you write very 
standards-compliant xhtml. Lay out your pages so that they flow from top 
to bottom without any formatting whatsoever (think extreme simplicity). 
Output data naturally - tabular data in tables, paragraphs in <p> tags, 
headings in <hN> tags, inputs with labels, etc. Conceptually different 
parts can be split into <div> tags too. (Like <div id="header">Page 
Title</div>, <div id="content">Page data</div> etc.)


It should look something like:

Global Header

* Page 1 link
* Page 2 link
* Page 3 link
* Page 4 link

Page Data



Here's why:
- A good web designer can work absolute magic with CSS - they can turn a 
well written xhtml page into a beautiful page that looks consistent 
across all modern browsers. (I'm lucky enough to work day-to-day with an 
absolute design wizard.)
- It's very accessible - even simple mobile browsers and screen readers 
will have no problems with it.
- If you don't like the work the designer has done, you can hire another 
and plug-in different style sheets.


Depending on the calibre of designer, I think that integration may be a 
bit of a headache in the end though.


jon




Re: [PHP] Re: PHP Brain Teasers

2007-07-12 Thread Jon Anderson

Daniel Brown wrote:

   Did you come before or after the chicken egg?


Relevant to the above:

$a = array('Chicken','Egg');
echo "The " . $a[array_rand($a)] . " comes first.";

I apologize if this one's already been done...I've only glanced at a 
few entries in this thread, entertaining though it is. :-)


jon




Re: [PHP] how PHP is batter?

2007-07-03 Thread Jon Anderson

Andrei wrote:

I saw there is a free version of Studio, but I think it's for
students... You cannot go build a corporate project with it I think...
  


They're just designed for students and hobbyists (i.e. they stripped 
out the cool stuff), but you can use 'em for whatever.



From the faq: http://msdn.microsoft.com/vstudio/express/support/faq/

4. Can I use Express Editions for commercial use?



Yes, there are no licensing restrictions for applications built using 
the Express Editions.




jon




Re: [PHP] A Guide to running Apache 2, PHP 4 PHP 5 on Windows XP

2007-05-17 Thread Jon Anderson

Richard Davey wrote:

Sure, but you're in the minority*, so what do I care? :)

* I just took the Zend PHP IDE research poll, and at the end it gives
you the chance to view the stats of everyone else who took the poll.
Interestingly, 70% of them use Windows XP for development.

I actually use a combination of Vista and OS X, which puts me in the
11% and 19% categories respectively.


I find it funny that the addition of the numbers above would logically 
put me in the 0% category.


My $0.02...I use Linux almost 100% of the time at work, and consider 
myself to be a linux guy. That said, I disagree with people who 
discard Windows as an option. If you develop in PHP, chances are pretty 
good that more than 85% of the people you're developing for will use 
Windows to view your end result. In my book, that makes a WAMP 
workstation/laptop a pretty good self-contained development environment.


Argumentum ad populum doesn't apply in the usage-for-development case. 
It's not asking "If everyone else jumped off a bridge would you jump 
too?" It's asking "If everyone else jumped off a bridge, would you 
design your bridge with a soft fluffy landing spot?"


jon




Re: [PHP] Blocking the direct download of a file

2007-05-07 Thread Jon Anderson

pw wrote:

I have a phtml file that contains a reference to
a java archive (jar) file.

I only want the archive used in the context of
a specific html page. I don't want the archive
to be downloaded directly. 


I can think of two easy ways to do this. If you're using Apache, you 
could fiddle with the config a little to deny non-local downloads:


SetEnvIfNoCase Referer "^http://www.myweb.com/" local_ref=1
<FilesMatch "\.jar">
   Order Allow,Deny
   Allow From env=local_ref
</FilesMatch>

(Stolen from: http://apache-server.com/tutorials/ATimage-theft.html. 
Have used something similar, but don't want to dig through my own configs.)


Alternately, you can do something like this - similar to your idea, but 
in this case, the download actually happens from the PHP script:


if (strpos($_SERVER['HTTP_REFERER'],'http://www.myweb.com/') === 0) {
   header('Content-Type: application/java-archive');
   readfile('/path/to/real/jarfile.jar');
   exit(0);
}


There are probably lots of other ways to do that kind of thing.

jon




Re: [PHP] Blocking the direct download of a file

2007-05-07 Thread Jon Anderson

Greg Donald wrote:

$_SERVER['HTTP_REFERER'] is unreliable.

http://us2.php.net/manual/en/reserved.variables.php#reserved.variables.server 



So?

In the context, I think the only thing that matters is that other people 
don't link to his jar file from other websites.


jon




Re: [PHP] Blocking the direct download of a file

2007-05-07 Thread Jon Anderson

Greg Donald wrote:

There will be legitimate requests that will fail since not all
browsers send a referer.


How many browsers out there that support the Java plug-in will not 
support referrers?


Besides, the simple solution to that problem is just check for a 
non-existent referrer. If the browser doesn't support it, then it works 
anyway.


jon




Re: [PHP] Keep-Alive problem

2007-03-23 Thread Jon Anderson

Julien Allali wrote:

Then, the second call is blocked until the first call is entirely done.

Now, If I explicitly ask the browser for closing the connection:
<snip>
all work fine.

I believe the reason for this is specifically because of the connection 
to one apache process. Since apache prefork just uses one 
single-threaded (forked) process to handle each connection, when you 
issue a connection: keep-alive header, that one process is busy handling 
the first request, so the second request just sits and waits for the 
first to complete. If you issue a connection: close header, it works 
simply because your first request hits one apache process (which will be 
busy for some time), and your second request hits an entirely different 
apache process.


For other apache threading models, replace "process" above with 
"thread". Same idea.

To my question is really simple:
  How could I tell to php to notify apache that the response is done so
it will treat the second response hence if the first call is not 
finished?

It's one process (or thread). AFAIK, it can't do that. You're asking one 
thread of execution to understand (automagically) that it has to pause 
execution, handle the next request, then resume the first.


Using connection: close does almost exactly what you need, with the 
unfortunate side effect of having to re-establish a connection...Why not 
just stick with that? Alternately, you might be able to spawn off 
another command-line PHP process by calling system() or similar.

I think there is no php functions/way to do so, so isn't it a bug? 
(missing important feature). 

IMO, it's expected behavior.

jon




Re: [PHP] Re: CONTENT-type for sending HTML attachments

2007-03-20 Thread Jon Anderson

Angelo Zanetti wrote:
So if the HTML files are attachments and the text is just plain text 
then will the content-type of the message be text/plain and then each 
attachment be multipart/alternative. Please note that the HTML files 
need to be sent as attachments and not part of the body.


On my email client I was receiving the emails correctly (IE: message 
body and HTML files as attachments) but on my client's email client 
they were just receiving blank messages.


I'm just a little confused about the content types as you might have 
gathered. 


You're trying to do this, right?

MIME Email
- Part 1: Text Message (The message that you want displayed)
- Part 2: HTML Attachment
- Part 3: HTML Attachment
- ...
- Part N: HTML Attachment

Because it's a mime email, your text part will be a mime part (an 
attachment) as well, but basically any mail reader these days will 
render that as the main part.


You want your main email (MIME Email above) to have a 
multipart/alternative content type. Your text part (Part 1 above) 
should be text/plain. Each HTML part (Part 2 to Part N above) could 
be text/html. If you want to force those HTML parts as attachments you 
could use application/octet-stream for the content type - mail readers 
should treat them as binary. Whatever mime class you're using should 
hopefully take care of any encoding that may or may not be necessary.


jon




Re: [PHP] different and logic between PHP4 and PHP5

2007-03-13 Thread Jon Anderson

Vieri wrote:

I didn't code this. We have inherited some code that
worked this way in php4:
if string1 and string2 exist then return true or 1
else return false or 0
in php5 it just doesn't behave the same way.
  
Rather than echo, try var_dump. You'll find that it's returning a 
boolean, which is what you want according to the above paragraph?


jon




Re: [PHP] Back to security

2007-03-13 Thread Jon Anderson

jekillen wrote:

For what it is worth, I am only aware of one drawback to https with
respect to how requests are handled that makes it difficult to use
with virtual hosting. I am a little hazy  on how it works but when
https is used only the ip address of the request is available to the
server before the rest of the request is decrypted.

I might be able to shed a little more light on that point...It's pretty 
simple actually...


The client establishes an SSL connection with the server. That involves 
verifying the identity of the server (via a signed certificate). This is 
all done prior to the client sending the HTTP Host header. So you have a 
chicken and egg problem:


You want to tell the server what virtual host you want via a header, but 
that requires a connection first. However, the server needs to tell you 
who it is before you can even connect.


End result? Only one domain per vhost. :-)

jon




Re: [PHP] Launch a seperate process

2007-03-06 Thread Jon Anderson

fedt wrote:
pcntl_fork() and pcntl_wait(), yo

If you're using PHP as an apache DSO, you may find that those functions 
aren't available. If you don't have the pcntl_* functions available, 
there are less attractive options...I've done a request with curl with a 
short timeout to spawn the second request from PHP. You could likely 
also do it with JavaScript/AJAX. There are probably lots of other ways, 
in fact there may have been a discussion here some time ago about it 
though I don't remember the outcome.


jon




Re: [PHP] operational musings

2007-02-27 Thread Jon Anderson

Without any more than a few minutes worth of work, you can make MySQL do 
that with replication. Your in-store system could act as a slave for 
the central system databases (any central updates trickle down to the 
slave automatically) and your in-store machine could be the master for 
the store_xyz database(s).


Network disconnect? No problem!
Network reconnect? Easy!
In-store machine failure? No problem! Just update the tables from the 
central master!

Work? Almost none!

And since this is a PHP list...

<?= 'jon' ?>

Jay Blanchard wrote:

Howdy cats and kittens!

I had an interesting thought after watching a demo of a POS system and
wondered if the same type of methodology could be applied in a PHP
application. I haven't thought this all the way through, but a
fully-hatched idea like this could signal a major change in applications
designed with PHP.

In the POS if the network connectivity was lost the store could continue
to operate, once the network connectivity was restored the data from
each store would sync back up and data would be sent to the central
server, yadda, yadda, yadda. Of course this is in a client/server
application with an executable residing on each workstation.

So, if you wanted to do this with PHP you would likely have to have a
local web /database server (each store), establish a socket (primary and
store servers?) to watch for an outage/restore and then write the code
to support the sync up. Can it be done with PHP? It would definitely be
worth the trouble given the frequency that connections to stores get
lost.

Thanks in advance for ideas, thoughts, etc.

  





Re: [PHP] can this be fone with PHP?

2007-02-22 Thread Jon Anderson

Bruce Gilbert wrote:
 I have created forms with PHP where the information in the fields is
 sent via sendmail to an email, but is there a way to have the
 information extracted and a pdf form created when the user hits the
 submit button?

Yep, probably. See http://www.php.net/manual/en/ref.pdf.php

jon




Re: [PHP] php and .net webservice

2007-02-21 Thread Jon Anderson

Arno Coetzee wrote:
I have a php client that needs to interact with a .net web service. 
The method I call returns a strongly typed dataset (some or other .net 
object). I cannot seem to get my php client to understand what this 
dataset is. I can see the information with a tcpdump, but for the life 
of me I can’t get php to display the results returned. 

Assuming you're using PHP's built-in SOAP handling stuff, it should work 
fine. Just var_dump or print_r the returned object to see what you get.


.NET SOAP likes to do some inconsistent/odd things. By default, I 
believe it wraps one message in an additional object/array layer for no 
apparent reason, but doesn't for messages traveling in the other 
direction, at least that has been the case in my very limited experience 
with dotnet/php SOAP interaction. (Dumping the resulting messages should 
provide you with the odd object structure.)


jon




Re: [PHP] PDO database drivers

2007-02-20 Thread Jon Anderson

Sandy Keathley wrote:

I upgraded PHP 5.2 => 5.2.1 and added PDO support.  It installed 
the SQLLITE driver by default.  I wanted to add the MYSQL driver.

I ran pecl install PDO_MYSQL and it failed with an autoconf error.
  
It probably depends on how you're installing PHP. If you're using a 
distribution's built-in PHP support, there should be a PDO/mysql package 
or in Gentoo's case pdo and mysql use flags. If you're compiling from 
source, just add --with-pdo-mysql to your ./configure line.

I then downloaded the driver from pecl and unpacked it, but there 
were no instructions on installing it, and there is no configure script.

Why use pecl? It's built-in to PHP.

jon




Re: [PHP] Deny processing of non included files

2007-02-15 Thread Jon Anderson

Easy answer: deny access to them. Use your web server to prevent 
execution of the files. Generally, if you're using Apache, you can just 
do this:


<Directory /path/to/modules/>
   Order Allow,Deny
   Deny From All
</Directory>

You may also be able to do that from a .htaccess file.

If you can't configure the server, just use a define at the top of your 
index script:


define('__INDEX_PHP',TRUE);

Then just check it with a one-liner at the top of each script that is 
for inclusion only.


Tim wrote:

1. My included files assume the top file has initiated an instance of a
certain object thus being able to use the resources of the instanced objects
in the top file..(obviously i have the necessary checks to make sure the
instance has been created before including the file)
-Should i be initializing new instances of the object at the top of each
included file to prevent errors from appearing in case someone access the
file directly? Or should i believe it doesn't really matter as in a
production environment display_errors is set to off so no error output will
be shown...
  
I don't think you ever want include files to be executed in the wrong 
context. Just deny access.


If anything, just make an index.php page in each module dir that 
contains only "Thanks for visiting this page, but the link you followed 
is probably mistyped. Try <a href=\"$document_root\">this</a> instead."

2. what is the assessed security risk if someone access a file directly even
if it does not output anything?
  
Depends on what the file contains. If it contains this: `sudo rm -r 
$directory/*`, then the results could be disastrous, but let's hope 
that it wouldn't contain code like that. :-)

3. is there a way to check that a file has been included by such and such
file or should i develop a hash system where the top page that includes
files generates a hash, stores it in the db for the length of the script and
in a variable, and have the included file check that the variable from the
top file and the hash in the db correspond?

See above define(...) bit, which is really based on the old C header 
trick:


#ifndef __SOME_FILE_H
#define __SOME_FILE_H

a bunch of stuff

#endif

jon




Re: [PHP] Accessing cookies in PHP and Javascript

2007-02-15 Thread Jon Anderson

Your favorite search engine would provide you with far better JavaScript 
answers than a PHP mailing list...


Otto Wyss wrote:

Assuming I have a cookie

setcookie ("username",$_SESSION['Username'], $expires);

how can I access the same cookie in Javascript?


Parse out document.cookie.


Or how do I have to create a cookie so it's accessible as

$_COOKIE["username"]


document.cookie = "username=" + escape(username);

You can add expiry, path, etc. with JavaScript, but you can google for that.

jon




Re: [PHP] round to nearest 500?

2007-02-13 Thread Jon Anderson

[EMAIL PROTECTED] wrote:

hah yeah, always worth a little skepticism, but it seemed to make some kind of 
sense.   If you always round up or always round down, that's obviously not 
right and you end up losing potentially a lot of money or over-estimating the 
money involved.

Rounding up for 5 through 9 and down for 0 through 4 seems like it makes some 
kind of sense, but apparently it doesn't work out that way.

I'm sure someone out there knows what I'm talking about (it might be the first 
time, but I know I'm not making this up hah), but rounding 0.75 up to 0.8 and 
0.65 down to 0.6 (or vice versa) is supposed to be more accurate or at least 
leads to fewer anomalies.

Someone feel like writing a quick script that generates random numbers and does 
the rounding based on these two ideas (doing it the 'hard way') and see how 
much variation there is after like 10,000 iterations?  If I have time later, 
I'll do it.  Now I'm even more curious.

I wasn't aware of the accounting trick before today, but I believe I can 
explain it: If your numbers are statistically random, then the above 
solution will lead to an even distribution of rounding up and rounding down.


The reason is simple:
0: No rounding. It's already there. (8.0 doesn't need to be rounded to 8 
- it already *is* 8.)

1-4: You round down - 4 of 9 times you round down.
5-9: You round up - 5 of 9 times you round up.

So you round up 11.1% more often than you round down. As a result, if 
you round up when it's odd, and down when it's even, you eliminate the 
11.1% difference in when you'd round up then round down.


That said, if someone were aware of the above rounding trick, it 
wouldn't take someone very much effort to come up with things like fee 
structures or pricing structures that could take advantage of that 
scheme to force rounding errors to remain permanently in the person's favor.


I certainly hope that PHP continues to use the standard technique, and 
not the accounting trick above. :-)


jon




Re: [PHP] round to nearest 500?

2007-02-12 Thread Jon Anderson

blackwater dev wrote:

Is there an easy way in php to round to the nearest 500?

So if I have 600, I want 500 and if I have 800 I want 1000? 

Multiply by 2, round to 1000, divide by 2. Maybe there's an easier way, 
but that's what I use.


600*2 = 1200, round(1200,-3) = 1000, 1000/2 = 500
800*2 = 1600, round(1600,-3) = 2000, 2000/2 = 1000

jon




Re: [PHP] base64-encoding in cookies?

2007-02-10 Thread Jon Anderson

Myron Turner wrote:

Jon Anderson wrote:

Fletcher Mattox wrote:

In terms of the behavior, I think it makes total sense. The only case 
where it would ever bite you is yours (which is rare because most 
people wouldn't mix perl and PHP in the same system).


I'm not going to get into the middle of the base64 argument, but I 
don't think that mixing perl and php is rare.  I've seen the mix 
occasionally crop up on this list, and I know from myself.  I've been 
using Perl for 10 years and PHP for only 2.5.  It's inevitable that 
I'll choose Perl for certain uses and that I'll call the Perl as cgi 
from  pages scripted in PHP.  Then there are things which I've already 
got written in Perl that I also call as cgi from PHP pages.  Or 
operations that are not compiled into all installs of PHP and are 
standard with Perl, like fork(), and there's nothing you can do about 
it because you don't have control over the installation.  Each 
language has its strengths.  What's true of Perl, I think is probably 
true of Python as well.  There are lots of programmers and web sites 
that must mix Python and PHP.

I should have qualified my argument. I believe that mixing languages is 
likely to be _relatively_ rare compared with PHP-only systems. I have 
absolutely no hard evidence to back that up other than my own experience 
- I've seen only a few hundred sites, which is obviously a very small 
sample next to the probably millions of sites running PHP.


Of those few hundred sites, I'm the only one that directly mixes 
languages that I've seen. (I'm in sort of the same boat as you - I also 
started out with perl about 10 years ago, and started moving on to PHP 
around the PHP 4.0 era. I also regularly write python and C, among others.)


jon




Re: [PHP] Reflection API Questions

2007-02-09 Thread Jon Anderson

Check out the runkit extension to PHP 
(http://www.php.net/manual/en/ref.runkit.php). It should let you do all 
the class mucking you need to do.


jon

Jim Wilson wrote:

Dear PHP Users,

I have two questions regarding PHP 5's Reflection API (I apologize if this
isn't the right list to ask):

1) Is there a way to inject a method into a Class such that future
instantiations of that Class will have the method?  For example:

 Before ---
class A {
   // Nothing
}
 Before ---

 After ---
class A {
   // method which was injected
   public function injectedFunc($someArg) {
   // 
   }
}
 After ---

Obviously I'm not looking for a way to modify class A's source code, just
the effective class A specification.

I know that PHP supports extending classes and interfaces, but in my
use-case that isn't really an option since I don't control the code which
instantiates the objects, and they're not using any kind of Factory pattern
for object construction that I could overload with my extended
implementation.

2) Is there a way to change a method which already exists, as in by
overwriting it with a new function?  I'm looking to do the equivalent of
JavaScript's 'function as member' treatment, where it's easy to do something
like:

 Snip ---
// Obj is some object
Obj.meth = function (arg) { /* do something with arg */ };

// Then later on ...
Obj.meth('hello there');
 Snip ---

Thanks in advance for any help, or for redirecting me to the correct list if
this isn't it.

-- Jim R. Wilson






Re: [PHP] base64-encoding in cookies?

2007-02-09 Thread Jon Anderson

Fletcher Mattox wrote:

Actually, wouldn't you say it is left up to whoever is sending the cookie?
But more on that later.
  
It is totally left up to the user with PHP as well, but you agree with 
that (grudgingly) later. There is no way that you can argue the fact 
that there are two mechanisms. One leaves total control up to the user, 
the other is totally automatic. Personally, I think that's having your 
cake, and eating it too.


I won't argue that this behavior should probably be documented with 
$_COOKIE, but it is documented with its counterpart, setcookie: Note 
that the value portion of the cookie will automatically be urlencoded 
when you send the cookie, and when it is received, it is automatically 
decoded and assigned to a variable by the same name as the cookie name. 
If you don't want this, you can use setrawcookie() 
http://www.php.net/manual/en/function.setrawcookie.php instead if you 
are using PHP 5.


In terms of the behavior, I think it makes total sense. The only case 
where it would ever bite you is yours (which is rare because most people 
wouldn't mix perl and PHP in the same system). Nearly every other case 
is neatly wrapped up - newbies will find that setting whatever cookies 
they want just works, regardless of content. Others who are aware of the 
encoding behavior probably don't care - it's what they'd do manually if 
PHP didn't do it for them. Even if you use cookies in JavaScript, you'll 
have to know that certain characters would have to be escaped, so you'd 
run escape on your cookie and find that in PHP you don't even have to do 
anything and it just works. (And more or less vice-versa.)


As far as I'm concerned, that is the mentality of PHP: there's a 
function called: do_exactly_what_i_want(), and it just works.


I think some of the negativity aimed at you stems from the fact that the 
behavior has been explained and is quite clear. There isn't much point 
in arguing what it should be. It is exactly what it is. If you want to 
argue what the behavior should be, try php-dev. (Making that kind of 
argument here is like yelling at your neighbor 'cause Vista 
sucks...assuming Bill Gates isn't your neighbor. :-)


jon




Re: [PHP] Javascript and $_POST

2007-02-08 Thread Jon Anderson
I'm no JavaScript expert, but I could maybe suggest an alternate method: 
use document.getElementById() or document.getElementsByName()


AFAIK, the direct document.xyz doesn't work exactly the same way across 
browsers (if at all).


e.g. (WARNING! TOTALLY UNTESTED CODE!)

function checkInputValue(item,onError) {
   // Look the field up by its name attribute and take the first match
   if (item = document.getElementsByName(item)[0]) {
      if (item.value != "") {
         return(true);
      }
   }
   alert(onError);
   // Only move focus if the field was actually found
   if (item) {
      item.focus();
   }
   return(false);
}

function checkForm() {
   elements = new Array('cc_phone_number');
   errors = new Array('Please enter a phone number');

   // Stop at the first field that fails validation
   for (i=0;i<elements.length;i++) {
      if (!checkInputValue(elements[i],errors[i])) {
         return(false);
      }
   }

   document.getElementsByName('inputForm')[0].submit();
}

Dan Shirah wrote:
Okay, I edited my page per some suggestions here.  Below is what I now 
have:



<script language="JavaScript">
function checkForm() {

// ** START **
 if (inputForm.cc_phone_number.value == "") {
   alert( "Please enter a phone number." );
   inputForm.cc_phone_number.focus();
   return;
 }

**Lots of other checks here, just left out for length**

  document.inputForm.submit();
}

</script>
<title></title>
<LINK rel="stylesheet" type="text/css" href="../../CSS/background.css">
</head>
<body>
<div align="center"> <h2></h2>
  <h3>Submit a New Payment.</h3>
</div>
<form name="inputForm" action="save.php" method="post"
enctype="multipart/form-data">

**Lots of form data here**

<table align="center" border="0" cellpadding="0" cellspacing="0"
width="680">
<tr>
<td width="64" align="left"><a href="javascript:checkForm()"
title="Save">Save</a></td>
<td width="616" align="left"><a href="javascript:closeThis()"
title="Close">Close</a></td>
</tr>
</table>
</form>
</body>
</html>

Now when I submit my page it still performs all of the javascript checks
correctly, but once it gets to the document.inputForm.submit(); part it
returns the following error.

Error: Object doesn't support this property or method.
Code: 0



On 2/7/07, Paul Novitski [EMAIL PROTECTED] wrote:


At 2/7/2007 01:34 PM, Dan Shirah wrote:
I have a form that uses Javascript to validate form field entries, and if
they are incorrect it returns an error to the user.

After the Javascript processing is complete, it submits the form to my save
page. However it seems that once the processing is complete and it passes to
the save page, none of my $_POST variables are being passed.


Of course, all of your form fields need to be inside the same
<form></form> tags as your submit button.  The sample HTML you posted
did not indicate that you'd done this.

Regards,

Paul
__

Paul Novitski
Juniper Webcraft Ltd.
http://juniperwebcraft.com









Re: [PHP] Javascript and $_POST

2007-02-08 Thread Jon Anderson

Dan Shirah wrote:

Jon,
 
Tried your method and still got:

*Error: Object doesn't support this property or method.
Code: 0*
*I don't know what browser/platform you're using, but the following 
works for me on IE7/Windows, FF2/Linux, Opera9/Linux.


jon

<html>
<head>
<script language="JavaScript">
function checkInputValue(item,onError) {
  if (item = document.getElementsByName(item)[0]) {
     if (item.value != "") {
        return(true);
     }
     item.focus();
  }
**   alert(onError);
  **return(false);*
*}

function checkForm() {
  elements = new Array('cc_phone_number');
  errors = new Array('Please enter a phone number');

  for (i=0;i<elements.length;i++) {
      if (!checkInputValue(elements[i],errors[i])) {
          return(false);
      }
  }

  document.getElementsByName('inputForm')[0].submit();
}
</script>
</head>
<body>
<form name="inputForm" method="post" enctype="multipart/form-data">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="680">
<tr>
<td><input type="text" name="cc_phone_number" />
</tr>
<tr>
<td width="64" align="left"><a href="#" onclick="javascript:checkForm();return(false);" title="Save">Save</a></td>
</tr>
</table>
</form>
</body>
</html>

*




Re: [PHP] Javascript and $_POST

2007-02-08 Thread Jon Anderson

Jon Anderson wrote:

...
 item.focus();
  }
**   alert(onError);
  **return(false);*
*}
...
Sorry about the *s everywhere (there aren't supposed to be any). I 
pasted the code in, and Thunderbird thought it was supposed to be bold 
for some reason, then converted the bold text to text with *s 
everywhere while sending as plain-text only.


jon




Re: [PHP] base64-encoding in cookies?

2007-02-08 Thread Jon Anderson

Fletcher Mattox wrote:

I have learned that apparently PHP silently runs urldecode()
on all cookies before copying them into the $_COOKIE variable, under
the assumption that all cookies have been urlencoded.

This seems like a bad assumption to me, and is perhaps an attempt to be
consistent with $_GET and $_REQUEST, which as Brad points out, have to
be url encoded.  But cookies aren't urls.  I thought their purpose was
to transfer data transparently, but maybe I am wrong about that.

Warning: this is my opinion. :-)

I don't believe it is a bad assumption; I can see exactly why it would 
have been done that way...


Cookies must be encoded somehow: Because a raw cookie will contain 
var=val; expires=time; path=/path/ type stuff, PHP would *have* to 
encode it. If a user runs setcookie('mycookie','this is my cookie; have 
a bite!');, PHP has to pick some kind of encoding, and urlencoding 
makes the most sense given its similarities to GET and POST.


Since PHP urlencodes values it sets, it follows logically that it would 
also urldecode values it retrieves.


If you don't want PHP's automagic cookie handling you can do it manually 
as well with header('Set-Cookie: ...') and $_SERVER['HTTP_COOKIE'] on 
the other end - which I believe is what you decided on.


jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
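
An added example (not part of the thread) of the behaviour discussed in this message: a base64 value placed in a cookie as-is by a non-PHP component loses its '+' characters to the urldecode() that fills $_COOKIE, while a value parsed from the raw header survives. The helper names, the cookie names and the sample header are constructed for illustration.

```php
<?php
// Added example; helper names and the sample Cookie header are constructed.

/**
 * Split a raw Cookie request header into name => value pairs WITHOUT
 * url-decoding the values (unlike $_COOKIE).
 */
function parse_raw_cookie_header($header)
{
    $cookies = array();
    foreach (explode(';', $header) as $pair) {
        $pair = trim($pair);
        if ($pair === '' || strpos($pair, '=') === false) {
            continue; // skip empty or malformed segments
        }
        // Split on the first '=' only: base64 padding may add more '=' later.
        list($name, $value) = explode('=', $pair, 2);
        $name = trim($name);
        if (!array_key_exists($name, $cookies)) {
            $cookies[$name] = $value; // first occurrence wins
        }
    }
    return $cookies;
}

/**
 * Decode base64 and reject anything that does not re-encode to the same
 * text, so a value altered in transit is refused instead of half-decoded.
 */
function decode_base64_strict($value)
{
    $decoded = base64_decode($value, true);
    if ($decoded === false || base64_encode($decoded) !== $value) {
        return null;
    }
    return $decoded;
}

// Constructed 6-byte payload chosen so its base64 form contains '+' and '/'.
$payload = "\xfb\xef\xbe\xff\xff\x3e";
$b64 = base64_encode($payload);

// What a non-PHP component might send: the base64 text placed in the cookie as-is.
$header = 'theme=dark; token=' . $b64;

$raw = parse_raw_cookie_header($header);   // stands in for $_SERVER['HTTP_COOKIE']
$viaPhp = urldecode($raw['token']);        // what $_COOKIE['token'] would contain

echo "raw value:        ", $raw['token'], "\n";
echo "after urldecode:  ", $viaPhp, "\n";
echo "raw decodes:      ", var_export(decode_base64_strict($raw['token']) === $payload, true), "\n";
echo "urldecoded value: ", var_export(decode_base64_strict($viaPhp), true), "\n";

// If the writer percent-encodes the value first, PHP's automatic
// decoding hands back the original base64 text unchanged.
$encoded = rawurlencode($b64);
echo "round trip ok:    ", var_export(urldecode($encoded) === $b64, true), "\n";
```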



Re: [PHP] Javascript and $_POST

2007-02-07 Thread Jon Anderson

Dan Shirah wrote:

And this is my Save option at the bottom of my page

<form name="Submit" action="save.php" method="post"
enctype="multipart/form-data">
<table align="center" border="0" cellpadding="0" cellspacing="0"
width="680">
<tr>
<td width="64" align="left"><a href="javascript:checkForm()"
title="Save">Save</a></td>
</tr>
</table>
</form>

Er... Why aren't there any input elements within the form tag? Maybe 
you just condensed-out the inputs, but if your inputs aren't within the 
form, they won't be submitted.


E.g. if you have:

<form id="dataForm">
<input ... />
<input ... />
</form>

<form id="submitForm">
...
</form>

If you submit "submitForm", nothing will get posted. You want to post 
"dataForm" in the above example. (Or whatever "inputForm" happens to be 
in your example.)


jon




Re: [PHP] Encoding problem

2007-02-05 Thread Jon Anderson

Guus Ellenkamp wrote:
I have a string with an n with a tilde. mb_detect_encoding says it's UTF-8. 
I set the http encoding to UTF-8 and also the internal encoding. However, I 
cannot produce proper output with echo $varwithtilde.


echo  $returnArray[$i]->address1.' has '.mb_detect_encoding($returnArray[$i]->address1)
does NOT produce correct output in a browser or with the W3C validator, 
although it says the encoding of the var is UTF-8.


What's wrong?
  

Character set issues can be very complex, but I'm going to take a guess

If you're outputting something that is actually UTF-8, you'll need to 
make sure that you've done these:


header('Content-Type: text/html; charset=utf-8');

I believe that IE6 requires this one as well within your html head.

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

If that doesn't work, then it could be that your character isn't 
actually UTF-8 encoded.


jon




Re: [PHP] Who uses PHP

2007-02-01 Thread Jon Anderson

Eric Gorr wrote:
 PHP has too many security issues and should not be used with a 
user authentication system.
 We should use XXX. 

Well, people's complaints about PHP probably stem from some security 
pitfalls built-in for simplicity's sake. (The most common being 
register_globals.) For that reason, I strongly agree with the general 
sentiments of many posters: code is as secure as the least capable 
developer can make it.


I write code in C, python, Perl, PHP, Java, C#, JavaScript, etc, etc... 
I don't find PHP to be inherently less secure than any other language.


I've recently run into a company that has a payment web service that 
handles outgoing transactions. They have a hole in their system that 
could be used to rip off e-commerce sites across the internet. (Site 
thinks the person has paid, where they have not.) Their code is written 
in ASP. Is it ASP's fault? No. It's the programmers who failed to 
recognize the hole in their protocol.


jon




Re: [PHP] Parsing mail file

2007-01-30 Thread Jon Anderson
I realize I'm probably stepping on some toes here, but I'm going to 
assume that there is (judging from the wording) a language barrier here. 
While I'm all for the teach a man to fish philosophy, I'm not sure 
that language isn't getting in the way of the lesson...


Pierre Pintaric wrote:
I don't what want to rebuild the wheel if somebody works on it and 
made a good job...
I believe you're looking for a MIME message parser. (I think that's the 
piece of the puzzle you were missing. People were trying to steer you in 
that direction.)


The one ready-made solution that I'm aware of that will help you is the 
PECL mailparse package: http://pecl.php.net/package/mailparse


Otherwise, #6 (and maybe #7) in your search results list should do it...

If somebody uses a great function and want to share, I will please 
him... :-)

Please don't. ;-)

jon




Re: [PHP] Help wtih a query?

2007-01-30 Thread Jon Anderson

Wrong list. Putting $sql=... in there doesn't make it a PHP question. ;-)

Skip Evans wrote:

Is that what the left/right joins do???

Yea. LEFT JOIN will give you NULL entries in the left joined table, so 
you'd just have to say WHERE ISNULL(<left joined table>.<some field in 
that table>). Of course, you'll need to do the right JOINs in there for 
that to work.


Personally, I think that implicit joins are sloppy, so I would suggest 
using JOIN with ON or USING...but I suppose that's a preference thing, 
and some (all?) might disagree with me.


jon




Re: [PHP] which package to use for unzipping zipped files with PHP

2007-01-29 Thread Jon Anderson
I've used the PECL zip extension. I believe it was originally based on 
zzip, but is now based on another zip library. 
http://pecl.php.net/package/zip


I won't make any claims about it being better or worse than the other 
two you mention ('cause I really don't know), but I can tell it works 
reliably. :-)


jon

Angelo Zanetti wrote:

Dear all.

I have been googling to find out which is the best way to use PHP to 
unzip a zip file I have found the following:


zziplib

and

pclzip

but still can't really decide without doing a lot of tests etc..

Can anyone give advice as to which one to use. and which one not to 
and why?


TIA.

regards







Re: [PHP] SQL Readability.. (was Re: most powerful php editor)

2007-01-26 Thread Jon Anderson
This may not be an option for many people, 'cause ISPs and web hosts may 
not be forward-thinking enough to install PDO or recent PHP, but...


PDO can do this in a very database independent way, without having to 
do the equivalent of mysql_real_escape_string:


$table = 'xyz';
$data = array(
   'Field1' => "Data1",
   'Field2' => "Data2"
);

// Column list and one named placeholder per column, both built from the keys
$fields = implode(',',array_keys($data));
$placeholders = ':' . implode(',:',array_keys($data));
$stmt = $dbh->prepare("INSERT INTO $table ($fields) VALUES($placeholders)");
// The values are bound by name, not pasted into the SQL text
$stmt->execute($data);

With the added bonus that you can insert multiple rows quickly without 
having to rebuild any queries...


$stmt->execute($data1);
$stmt->execute($data2);
...
$stmt->execute($dataN);

(And PDO is super-fast compared to some other similar PHP-based libraries.)

jon

[EMAIL PROTECTED] wrote:

My contribution to the insanity..  INSERT statements made easy:

$genericQY  = "INSERT INTO MOD_LMGR_Leads (";  $genericQYvalues  = " VALUES (";
$genericQY .= " FirstName,";                   $genericQYvalues .= " 'John',";
$genericQY .= " LastName";                     $genericQYvalues .= " 'Smith'";
$genericQY .= " )";                            $genericQYvalues .= " );";

$genericQY .= $genericQYvalues;
$genericRS = mysql_query($genericQY);


You call that readable??

$vals = array();
$vals['FirstName'] = 'John';
$vals['LastName'] = 'Smith';
$query = mysql_query(BuildInsert('MOD_LMGR_Leads', $vals));

function BuildInsert($table, $values)
{
    // Escape and quote every value before it goes into the statement
    foreach (array_keys($values) as $key)
        $values[$key] = "'".mysql_real_escape_string($values[$key])."'";

    $sql = 'insert into `'.$table.'` (`';
    $sql.= implode('`,`', array_keys($values));
    $sql.= '`) values (';
    $sql.= implode(',', array_values($values));
    $sql.= ')';

    return $sql;
}

Note that this is a *very* cut down and untested version of BuildInsert.

-Stut



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
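
An added example (not code from the thread) extending the PDO approach above: placeholders protect only the values, while the table and column names are still interpolated into the SQL text, so they are checked against an allowlist first. insert_row(), the allowlist, the `leads` table and the in-memory SQLite database are assumptions made so the example is self-contained.

```php
<?php
// Added example; insert_row(), $allowed and the `leads` table are hypothetical.

/**
 * Insert one row. Identifiers cannot be bound as parameters, so the table
 * and every array key must appear in the allowlist before they are
 * interpolated; the values themselves are bound by name.
 */
function insert_row(PDO $dbh, array $allowed, $table, array $data)
{
    if (!isset($allowed[$table])) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    if (count($data) === 0) {
        throw new InvalidArgumentException('no columns given');
    }
    $columns = array_keys($data);
    $unknown = array_diff($columns, $allowed[$table]);
    if (count($unknown) > 0) {
        throw new InvalidArgumentException(
            'column not allowed: ' . implode(' / ', $unknown)
        );
    }

    $fields = implode(', ', $columns);
    $placeholders = ':' . implode(', :', $columns);
    $stmt = $dbh->prepare("INSERT INTO $table ($fields) VALUES ($placeholders)");
    $stmt->execute($data);
    return $stmt->rowCount();
}

// Self-contained setup: an in-memory SQLite database (requires pdo_sqlite).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE leads (FirstName TEXT, LastName TEXT)');

$allowed = array('leads' => array('FirstName', 'LastName'));

// A value containing a quote is stored as data, with no manual escaping.
$rows = insert_row($dbh, $allowed, 'leads',
    array('FirstName' => 'John', 'LastName' => "O'Brien"));
echo "rows inserted: $rows\n";

// Constructed request data whose KEY carries SQL punctuation: it is rejected
// before any SQL text is built.
try {
    insert_row($dbh, $allowed, 'leads',
        array('FirstName' => 'Eve', 'LastName) --' => 'x'));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

$count = $dbh->query('SELECT COUNT(*) FROM leads')->fetchColumn();
echo "rows in table: $count\n";
```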



Re: [PHP] memory_limit Setting?

2007-01-26 Thread Jon Anderson

Jay Paulson wrote:

Hi everyone,

I'm trying to upload a 25MB file via PHP and I'm setting the memory limit
way high so I don't get a fatal error from php (the error is below).  What I
find really odd about this is that the error message says that PHP tried to
allocate almost 54MB.  First question is why is PHP allocating so much
memory when I'm only uploading a 25MB file?

Question is what does your code look like? AFAIK, PHP uploads files to a 
temp directory where you can do whatever you want with them. If you 
don't read them into memory, it won't use a lot of memory (just the 
overhead required for the $_FILES array).

Second question is why is PHP
failing when obviously the memory limit is set to just over 100MB?
It's trying to allocate over 50M, but fails because existing memory 
usage + attempted memory usage  is greater than 100M. Call 
memory_get_usage() right before the line on which it fails to see how 
much memory is being used by your script.


jon




Re: [PHP] bit wise math? Is there a function to easily return the bits?

2007-01-25 Thread Jon Anderson

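function bits($num) {
   // Binary digits, least-significant bit first, so the index is the power of 2
   $bit_array = str_split(strrev(decbin(intval($num))));
   $val_array = array();
   foreach ($bit_array as $pow => $bit) {
      // Keep only the powers of 2 whose bit is set
      if ($val = $bit * pow(2,$pow))
         $val_array[] = $val;
   }
   return($val_array);
}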

(I wanted to see if I could write it in few LOC.) I wonder if there's a 
faster way...


jon

blackwater dev wrote:

Is there a php function I can call to pass in a number and get the values
returned?

For example, pass in 7 and get 1,2,4 ?

Thanks!






Re: [PHP] most powerful php editor

2007-01-24 Thread Jon Anderson

Miles Thompson wrote:
More seriously, many times I've taken a It's right, but not working, 
dammit! SQL statement,
broken it up so it's listed vertically and discovered the error. 

Just my 2 cents worth...

SQL actually does lend itself rather well to normal code style 
indenting, even though not many seem to do it...Breaking it (and PHP 
code of course) into 78/80-char lines makes great sense for readability 
within PHP code:


$sql = "
   SELECT
      (list of fields),
      CASE ... END AS field
      ...
   FROM (table)
   JOIN (table) USING(column)
   JOIN (table) ON(column=column)
   ...
   WHERE
      (condition)
      AND
      (
         (sub-condition)
         OR
         (sub-condition)
      )
   GROUP BY (column)
   ...
";

These things are a real pain to read without formatting! :-)

I think writing unformatted SQL queries is like writing code like if 
($var) { statement; statement; statement; foreach ($var as $v) { 
statement; statement; statement; } statement; etc. }


jon




Re: [PHP] md5

2007-01-17 Thread Jon Anderson
Be warned, crypto isn't a strength of mine, so any/all of this may be 
total BS.


Ross wrote:

Does md5 really offer much in terms of protection?
  
Depends on what you're doing with it. AFAIK, md5's weakness comes in the 
form of collisions - it has been cryptanalysed to the point where it is 
no longer reasonable for high security purposes. It is possible to 
create two different strings (i.e. documents, passwords) that result in 
identical md5 hashes. It is likely possible to find alternate passwords 
if the md5 is known - if a user can get a hold of your md5'ed passwords, 
they may be able to come up with another password that will create the 
same MD5 hash, thus would be capable of logging in to the system.


If what you're trying to protect is reasonably sensitive, don't use it 
to verify that a document hasn't been tampered with, and don't use it to 
hash passwords though salting may help.

The algorithm is really well known.
  
IMO, that's a good thing. I'd much rather have an algorithm that is well 
known, well analysed and *still* secure over an unknown and untested 
algorithm.

I would like to hear your thoughts and possible alternatives (mcrypt?)

sha1 has also been cryptanalysed but should be more secure than md5. I 
think sha256 is believed to be secure. PHP 5.2 seems to have a 'hash' 
function that can generate many atypical hashes like sha256.


jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
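
An added example (not from the thread) of the alternatives mentioned above: a SHA-256 digest via hash() for checking that a document is unchanged, and moving stored md5 password hashes to salted, deliberately slow hashes at login. It assumes PHP 5.6 or later for password_hash(), password_verify() and hash_equals(), which are newer than this thread; the user-record layout, the function names and the sample values are constructed.

```php
<?php
// Added example; record layout, function names and sample values are constructed.

/** Compare a document against a previously recorded SHA-256 digest. */
function document_unchanged($contents, $expectedHex)
{
    // hash_equals() compares in constant time
    return hash_equals($expectedHex, hash('sha256', $contents));
}

/**
 * Check a login against a user record and upgrade the stored hash.
 * $user is array('scheme' => 'md5' | 'password_hash', 'hash' => string).
 * Legacy unsalted md5 records are replaced the first time the correct
 * password is seen, because only then is the plaintext available.
 */
function verify_and_upgrade($plain, array &$user)
{
    if ($user['scheme'] === 'md5') {
        if (!hash_equals($user['hash'], md5($plain))) {
            return false;
        }
        // password_hash() generates a random salt and stores it in the result
        $user['hash'] = password_hash($plain, PASSWORD_DEFAULT);
        $user['scheme'] = 'password_hash';
        return true;
    }

    if (!password_verify($plain, $user['hash'])) {
        return false;
    }
    // Re-hash when the default algorithm or cost has moved on since storage
    if (password_needs_rehash($user['hash'], PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash($plain, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed legacy record: unsalted md5 of a sample password.
$user = array('scheme' => 'md5', 'hash' => md5('correct horse'));

echo 'wrong password accepted: ', var_export(verify_and_upgrade('guess', $user), true), "\n";
echo 'scheme after failure:    ', $user['scheme'], "\n";
echo 'right password accepted: ', var_export(verify_and_upgrade('correct horse', $user), true), "\n";
echo 'scheme after success:    ', $user['scheme'], "\n";
echo 'still verifies:          ', var_export(verify_and_upgrade('correct horse', $user), true), "\n";

// Document check with a constructed document and its recorded digest.
$doc = "invoice 42: total 100.00\n";
$recorded = hash('sha256', $doc);
echo 'unchanged document:      ', var_export(document_unchanged($doc, $recorded), true), "\n";
echo 'edited document:         ', var_export(document_unchanged($doc . 'x', $recorded), true), "\n";
```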



Re: [PHP] Script's length, echo, and execution speed

2006-12-23 Thread Jon Anderson

Casey Chu wrote:

Yeah, try testing. Maybe something like this:
<?php
$form = "<form action=' ' method='post'><textarea
name='code'></textarea><br /><button
type='submit'>Execute</button></form>";
if ($_POST['code']) {
 echo "<div style='border: 1px'>";
  $time_start = microtime(true);
  eval($_POST['code']);
  $time_end = microtime(true);
 echo "<br />Loading took: ". ($time_end - $time_start). '</div>';
 }
echo "<div style='float: left'>$form</div>";
// Note: This script is extremely dangerous and is not tested.
?>

I haven't been following this thread, so I don't know if this has been 
suggested...


If you can run a local server, IMO, xdebug is *the* way to go...xdebug2 
has an excellent profiler built-in. You can use kcachegrind or 
wincachegrind to see some pretty mind-boggling detail about where your 
performance goes. It's much easier than inserting timing statements into 
existing code.


jon




Re: [PHP] Count empty array

2006-12-21 Thread Jon Anderson

Kevin Murphy wrote:

I'm wondering why this is.

$data = "";
$array = explode(",",$data);
$count = count($array);
$count will = 1

$data = "Test";
$array = explode(",",$data);
$count = count($array);
$count will = 1

$data = "Test,Test";
$array = explode(",",$data);
$count = count($array);
$count will = 2

Why doesn't the first one give me an answer of 0 instead of 1.

This:
   var_dump(explode(',',''));
Returns this:
   array(1) {
     [0]=>
     string(0) ""
   }

And oddly, This:
   var_dump(explode(',',NULL));
Returns this:
   array(1) {
     [0]=>
     string(0) ""
   }

That explains the count() result. It seems to me that the first case 
could go either way (The part of '' before the ',' is still ''), but I'm 
unable to think of a logical reason why the second doesn't return an 
empty array.

I know I could do a IF $data == "" [empty] and then not count if its 
empty and just set it to 0, but am wondering if there was a better way.

$array = empty($data) ? array() : explode(',',$data);  /* That what you're looking for? */


jon




Re: [PHP] Trying to insert a large number from php to mysql

2006-12-20 Thread Jon Anderson

WeberSites LTD wrote:

I'm trying to insert the number 1970324970930197 into a mysql BigInt(20)
field.
If I do a direct insert from mysql command prompt and select the record I
get
back the same number.
 
If I do this from PHP I get back 197032497093. Notice that the 197 at the
end is not 000.

AFAIK, PHP uses 32-bit (signed) integers, so you're stuck to values no 
bigger than around 2 billion. Anything larger, and you have to store it 
as a string: use a BigInt class, or GMP functions to do calculations. 
I believe MySQL will do the right thing if you insert a string integer 
into an integer field.


jon




Re: [PHP] Byte order Mark (BOM, UTF-8, Header)

2006-12-06 Thread Jon Anderson

Bernhard Zwischenbrugger wrote:

My Question:

Is PHP UTF-8 ready?
Is there an other reason to stick on iso-8859-1 or ascii beside the BOM?
Is it a PHP bug, or is it a bug of the editor software?

My opinion is that it is basically a code problem. You have data before 
the <?php (the BOM), and PHP is outputting it as such. How is PHP 
supposed to know that you didn't intend to output a BOM? It could be an 
intentional thing, e.g. output of a UTF-8 text file:


<?php
header('Content-type: text/plain; charset=utf-8');
include('file-with-BOM.php');


In your case, it is an unwanted side-effect. The answer, I believe, 
should be to educate your student about the BOM and recommend the use of 
an editor that is a little smarter about UTF-8 output. When I use 
Windows (which is rarely), I use Notepad++, which gives you the option 
to save files as UTF-8 with or without the BOM.


jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Process of creating invoices requiring human thought!

2006-11-28 Thread Jon Anderson

James Nunnerley wrote:

Can anyone see an easy way of putting that sort of “human thinking” into a
script?  Any guidance would be gratefully received…

You could include a "fuzz factor" that is acceptable to your 
application. You could also provide a nicer fuzz factor to people who 
don't use up all the hours in other time periods.


E.g. (pseudo-code, time represented in seconds)

$fuzz = 1800;
if ($client['end']-$fuzz < $timePeriod['start']) // freebie

or for the unused time thing:

if ($client['end']-($fuzz+$unused) < $timePeriod['start']) // freebie

Of course you can probably think of dozens of variations on that theme, 
but you get the idea.


jon




Re: [PHP] security question

2006-11-22 Thread Jon Anderson

Alain Roger wrote:
I've heard that cookies and sessions can be easily hacked...so what do you
use to secure your web page.
which methods ? 

If you want to be secure, don't trust anything. Cookies are easily 
modified by a user, so never store anything sensitive in there without 
masking it well. Personally, I don't like $_SESSION either, 'cause it 
doesn't work across clustered servers by default, and isn't usually 
terribly secure on a shared web host.


I tend to use hashed data in the cookie for anything that needs to be 
semi-secure, and store everything sensitive in a database, one-way 
hashed wherever possible.


jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
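
An added example (not from the thread) of one way to put tamper-evident data in a cookie along the lines described above: the cookie carries only a user id and an expiry, authenticated with HMAC-SHA256, and everything sensitive stays server-side. issue_token(), read_token(), the token layout and the demo key are assumptions; hash_equals() needs PHP 5.6 or later.

```php
<?php
// Added example; function names, token layout and the demo key are constructed.

/** Build "base64(json claims).hex(hmac)" for use as a cookie value. */
function issue_token($userId, $key, $ttl, $now)
{
    $claims = json_encode(array('uid' => $userId, 'exp' => $now + $ttl));
    $body = base64_encode($claims);
    return $body . '.' . hash_hmac('sha256', $body, $key);
}

/** Return the user id if the token is authentic and unexpired, else null. */
function read_token($token, $key, $now)
{
    $parts = explode('.', (string) $token);
    if (count($parts) !== 2) {
        return null;
    }
    list($body, $mac) = $parts;

    // Verify the MAC before looking at the contents, in constant time.
    if (!hash_equals(hash_hmac('sha256', $body, $key), $mac)) {
        return null;
    }
    $json = base64_decode($body, true);
    $claims = ($json === false) ? null : json_decode($json, true);
    if (!is_array($claims) || !isset($claims['uid'], $claims['exp'])) {
        return null;
    }
    if (!is_int($claims['exp']) || $claims['exp'] < $now) {
        return null; // expired or malformed expiry
    }
    return $claims['uid'];
}

// Demo key for this example only; a real key is random and kept out of the code.
$key = 'constructed-demo-key-not-for-real-use';
$now = 1164200000; // fixed timestamp so the output is reproducible

$token = issue_token(42, $key, 3600, $now);
// setcookie('auth', $token) would url-encode the value on the way out and
// $_COOKIE['auth'] would hold it decoded again on the next request.

echo 'valid token uid:   ', var_export(read_token($token, $key, $now + 60), true), "\n";
echo 'after expiry:      ', var_export(read_token($token, $key, $now + 7200), true), "\n";

// A client that edits the claims cannot produce a matching MAC without the key.
list($body, $mac) = explode('.', $token);
$edited = base64_encode(json_encode(array('uid' => 1, 'exp' => $now + 3600)));
echo 'edited claims:     ', var_export(read_token($edited . '.' . $mac, $key, $now + 60), true), "\n";
echo 'missing signature: ', var_export(read_token($body, $key, $now + 60), true), "\n";
```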



Re: [PHP] Re: Space in regex

2006-11-16 Thread Jon Anderson

Dotan Cohen wrote:

I should add more information. This is the entire regex:
$text=preg_replace_callback('/\[([A-Za-z0-9\'.-:underscore:]+)\|([A-Za-z0-9\'.-:underscore:]+)\]/i' , findLinks, $text);

This regex should match any pair of square brackets, with two bits of
text between them seperated by a pipe, like these:
[Ety|wife]
[Jarred|brother]
[Ahmed|neighbor]
[Gili and Gush|pets]
[Bill Clinton|horny]

I would expect that the . would match spaces, but it doesn't. So the
first three examples that I've shown are matched, but the last two are
not. I've even added \w, \s,  , and :space: to the regex, but
of course that's not matching, either. What am I doing wrong? Note
that I've been honing my regex skills for the past few days, but I've
not so much experience with them. Thanks in advance to whoever can
help me understand this. 

This appears to work for me:

preg_match('/\[([A-Za-z0-9\s\'.-:underscore:]+)\|([A-Za-z0-9\s\'.-:underscore:]+)\]/i','[Test 1|Test 2]',$matches);

print_r($matches);

produces:
Array
(
   [0] => [Test 1|Test 2]
   [1] => Test1
   [2] => Test2
)

Alternately, I would use the following regex: /\[([^\|]+)\|([^\|]+)\]/ 
which is a little cryptic, but very flexible for what you mention above. 
It works for me as well...


jon




Re: [PHP] How to output an MP3 file?

2006-11-15 Thread Jon Anderson

Brian Dunning wrote:
header('Content-Type: application/octet-stream');   
snip
What should I change? 
I think you should use a content type more specific to MP3s. My install 
of firefox seems to think the appropriate content type for those is 
audio/mpeg - try that, and see what happens.


jon




Re: [PHP] cURL uses

2006-11-15 Thread Jon Anderson

Philip Thompson wrote:
I've been doing some reading trying to figure out why I would want to 
use cURL. I have not found a solid reason yet. Does anyone have a 
useful example on why you would want to use cURL? 
It allows significant configurability and flexibility over PHP's more 
direct functions, for example, the ability to set a timeout, or get more 
direct control over output. You only have to read the curl documentation 
to see that it can do a lot of things that other PHP functions just 
can't do.


I would suggest that you probably shouldn't try to find a reason to use 
curl, rather a reason to use curl will find you.


jon




Re: [PHP] one click - two actions?

2006-11-14 Thread Jon Anderson

Mel wrote:

YES YES! that is exactly what I want.
But I don't know how to do what you are suggesting! 
You'll have to read some documentation about AJAX if that's what you 
want, but thankfully there are some easy AJAX toolkits out there. Of the 
ones I've tried, I find xajax (xajax.sf.net) to be the simplest. For 
example, the following is a rough (completely untested) example that 
illustrates my point:


In your HTML, you could have: <div id="logoDiv"></div> and <div 
id="textDiv"></div> somewhere...


Then the xajax PHP code:
function twoActions() {
   $xR = new xajaxResponse();
   $xR->addAssign('logoDiv','innerHTML','<img src="images/logo.jpg" />');
   $xR->addAssign('textDiv','innerHTML','Here is an explanation of the logo!');

   return($xR->getXML());
}
$xajaxInstance->registerFunction('twoActions');

Then the link:

<a href="#" onclick="xajax_twoActions();return(false);">Logo</a>

jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] PHP product licensing...

2006-11-12 Thread Jon Anderson
I'll get right to the point, then explain after... I'm looking to 
release some PHP code as partially open-source. Basically a GPL-like 
license for non-commercial use, and proprietary license for anyone else.


I'm wondering about people's experience with various licenses 
(open-source or not). I'd be really glad to hear opinions and 
experiences about any successes and failures.


As for my reasoning:

As I understand it (correct me if I'm wrong), the GPL leaves some holes 
with regards to code used internally within a company (especially web 
stuff) where GPL'd PHP code can be used and changed internally by that 
company without returning changes even if the code is used in a 
public-facing website - so long as they don't re-distribute the software.


I've read through a bunch of other licenses, but I'm no lawyer. So 
rather than jumping blindly, I thought I'd seek out the opinions of 
those who've been there. There's no substitute for the concrete 
experience. :-)


I really like the idea of open-source software, so I would very much 
like to release my code so that it can benefit the open-source 
community, but make sure that commercial use is appropriately controlled 
at the same time.


Please reply to the list only, no need to cc.

Cheers,

jon




Re: [PHP] pdo and mysql 5

2006-11-10 Thread Jon Anderson

jonathan wrote:
I know that PDO has drivers only for MySQL 3/4. Is anybody getting it 
to work with MySQL 5? I'd like to try out the Zend Framework but our db 
uses MySQL 5. We could create a second db in 4.1 and run it with that 
but I'd rather not to.


It's kinda surprising how long MySQL 5 has been out and these drivers 
don't exist.

PDO works fine with MySQL 5. I've been using PHP5.1/PDO with MySQL 5 for 
quite some time, and recently PHP5.2/PDO with MySQL 5. I'm using it for 
an AJAX app for work, and a high-performance web log system for personal 
use. I haven't had any problems so far.


A superficial look at the docs only says 3/4, but from experimental 
evidence, 5 seems fine.


jon




Re: [PHP] why so slow?

2006-11-03 Thread Jon Anderson

Richard Lynch wrote:

On Thu, November 2, 2006 3:01 pm, Alan Milnes wrote:
  

Don't call files .inc - call them .inc.php if you really must have the
inc somewhere, that way the Web Server will actually treat it as a php
file and not display your details to the world if accessed directly.




A Bad Guy can surf to them, and your PHP code gets executed completely
out of context, which you have never ever ever done any QA work on to
see what effect that would have...

Or, you could put your .inc files outside the web tree, and set
http://php.net/include_path correctly, and then the Bad Guy cannot
surf to them at all.

And you can name them .inc or .class or .dingdongthewickedwitchisdead
for all the difference it will make from a technical stand-point.

IMHO, the second option is much better.

Or you can .htaccess Deny From All them out... That's my preferred 
solution. It keeps the include tree near the code that accompanies it 
without risking anything even if they're called *.php.


jon




Re: [PHP] why so slow?

2006-11-03 Thread Jon Anderson

Richard Lynch wrote:

On Fri, November 3, 2006 1:12 pm, Jon Anderson wrote:
  

Or you can .htaccess Deny From All them out... That's my preferred
solution. It keeps the include tree near the code that accompanies it
without risking anything even if they're called *.php.



Until you upgrade Apache and forget to enable .htaccess.

Or somebody turns .htaccess off for performance.

Or Junior Programmer wipes out your .htaccess file.

Or you tar up the site to move it to Production, but your tar command
doesn't do .htaccess unless you work at it.

Or Junior Programmer over-rides your .htaccess in a lower-level .htaccess

All of the above are simply too easy to happen in the real world, imho.

You have to work a lot harder at it to intentionally expose a
non-web-tree file to the web, even on accident.
  
These problems are trivial to overcome, and not PHP related. You can 
argue it if you want, but there are upsides and downsides to both 
solutions...I can easily come up with parallel problems with the 
non-web-tree solution even though it is obviously a very good solution 
to a common problem. I really don't see the point in having two 
professionals butt heads over something so trivial. I'd much rather 
just have both solutions in my arsenal, and use whichever one fits the 
situation best.


jon
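
Both approaches in this exchange can be checked mechanically. The PHP CLI script below is an added example, not code from the thread: it walks a document root and reports include-style files that no .htaccess deny rule covers, including the lower-level override case Richard lists. The function names, the file-name pattern and the sample tree are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Simplified model: the nearest
// .htaccess with an access rule decides; the server's AllowOverride setting
// lives in the main Apache config and is NOT checked here.

/** True when the closest .htaccess at or above $dir (within $docroot) denies access. */
function isDeniedByHtaccess(string $dir, string $docroot): bool
{
    while (true) {
        $file = $dir . '/.htaccess';
        if (is_file($file)) {
            $rules = (string) file_get_contents($file);
            if (preg_match('/^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$/mi', $rules)) {
                return true;
            }
            if (preg_match('/^\s*(Allow\s+from\s+all|Require\s+all\s+granted)\s*$/mi', $rules)) {
                return false;   // a lower-level file re-opens what a parent closed
            }
        }
        if ($dir === $docroot || dirname($dir) === $dir) {
            return false;       // reached the docroot without finding a deny rule
        }
        $dir = dirname($dir);
    }
}

/** List include-style files under $docroot that a browser could request directly. */
function findExposedIncludes(string $docroot): array
{
    $docroot = rtrim($docroot, '/');
    $exposed = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($docroot, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        // *.inc / *.class leak source; *.inc.php runs out of context when requested
        if ($file->isFile()
            && preg_match('/\.(inc|class)(\.php)?$/i', $file->getFilename())
            && !isDeniedByHtaccess($file->getPath(), $docroot)) {
            $exposed[] = substr($file->getPathname(), strlen($docroot) + 1);
        }
    }
    sort($exposed);
    return $exposed;
}

// Constructed sample tree (Unix-style paths assumed)
$root = sys_get_temp_dir() . '/docroot_' . uniqid();
$tree = [
    'index.php'            => '<?php // front page',
    'lib/.htaccess'        => "Deny from all\n",
    'lib/db.inc'           => '<?php // protected by lib/.htaccess',
    'lib/pub/.htaccess'    => "Allow from all\n",
    'lib/pub/util.inc.php' => '<?php // re-exposed by the lower-level file',
    'inc/config.inc'       => '<?php // .htaccess lost during deployment',
];
foreach ($tree as $rel => $body) {
    @mkdir(dirname("$root/$rel"), 0700, true);
    file_put_contents("$root/$rel", $body);
}

foreach (findExposedIncludes($root) as $path) {
    echo "EXPOSED: $path\n";
}

// Remove the sample tree again
$all = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
    RecursiveIteratorIterator::CHILD_FIRST
);
foreach ($all as $f) {
    $f->isDir() ? rmdir($f->getPathname()) : unlink($f->getPathname());
}
rmdir($root);
```

Run against a real document root as part of deployment, a non-empty result means either a missing deny rule or an include tree that belongs outside the web tree.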




Re: [PHP] PHP Memory Allocation (checked via TOP)

2006-10-31 Thread Jon Anderson

Cabbar Duzayak wrote:

Hi,

I have written a simple test program to see how php allocates memory.
Test code allocates ~10 Meg of RAM in an array within a loop till it
runs out of memory as:

 $str = rand(65, 95) . rand(65, 95) . rand(65, 95) . rand(65, 95) .
rand(65, 95);
 $aa[] = str_repeat($str, 200);

What I don't understand here is, for every 10 Meg memory it allocates,
mem usage goes up about 19 Megs when I look at this via top.

Just looked over this really quickly, so I might have missed something, 
but it seems to me that you're allocating almost 20 megs...


your $str is 10 bytes long (plus terminator and PHP overhead, whatever 
that turns out to be...), and you're repeating it two million times. 10 
bytes times 2 million is 20 million bytes. 20 000 000 divided by 
(1024*1024) is 19.07 - it seems to me that you're allocating 19.07 
megs, and top is showing you that it's allocating 19 megs...?  Seems 
about right.


jon




Re: [PHP] How does the Zend engine behave?

2006-10-25 Thread Jon Anderson
Take this with a grain of salt. I develop with PHP, but I am not an 
internals guy...


[EMAIL PROTECTED] wrote:
Are the include files only compiled when execution hits them, or are 
all include files compiled when the script is first compiled, which 
would mean a cascade through all statically linked include files. By 
statically linked files I mean ones like include ('bob.php') - i.e 
the filename isn't in a variable.

Compiled when execution hits them. You can prove this by trying to 
conditionally include a file with a syntax error: if (false) 
include('script_with_syntax_error.php'); won't cause an error.


Secondly, are include files that are referenced, but not used, loaded 
into memory? I.e Are statically included files automatically loaded 
into memory at the start of a request? (Of course those where the name 
is variable can only be loaded once the name has been determined.) And 
when are they loaded into memory? When the instruction pointer hits 
the include? Or when the script is initially loaded?
If your include file is actually included, it will use memory. If it is 
not included because of some condition, then it won't use memory.

Are included files ever unloaded? For instance if I had 3 include 
files and no loops, once execution had passed from the first include 
file to the second, the engine might be able to unload the first file. 
Or at least the code, if not the data.

If you define a global variable in an included file and don't unset it 
anywhere, then it isn't automatically unloaded, nor are function/class 
definitions unloaded when execution is finished.


Once you include a file, it isn't unloaded later though - even included 
files that have just executed statements (no definitions saved for 
later) seem to eat a little memory once, but it's so minimal that you 
wouldn't run into problems unless you were including many thousand 
files. Including the same file again doesn't eat further memory. I 
assume the eaten memory is for something to do with compilation or 
caching in the ZE.

Thirdly, I understand that when a request arrives, the script it 
requests is compiled before execution. Now suppose a second request 
arrives for the same script, from a different requester, am I right in 
assuming that the uncompiled form is loaded? I.e the script is 
tokenized for each request, and the compiled version is not loaded 
unless you have engine level caching installed - e.g. MMCache or Zend 
Optimiser.

I think that's correct. If you don't have an opcode cache, the script is 
compiled again for every request, regardless of who requests it.


IMO, you're probably better off with PECL/APC or eAccelerator rather 
than MMCache or Zend Optimizer. I use APC personally, and find it 
exceptional - rock solid + fast. (eAccelerator had a slight performance 
edge for my app up until APC's most recent release, where APC now has a 
significant edge.)

Fourthly, am I right in understanding that scripts do NOT share 
memory, even for the portions that are simply instructions? That is, 
when the second request arrives, the script is loaded again in full. 
(As opposed to each request sharing the executed/compiled code, but 
holding data separately.)

Yep, I think that's also correct.
Fifthly, if a script takes 4MB, given point 4, does the webserver 
demand 8MB if it is simultaneously servicing 2 requests?

Yep. More usually with webserver/PHP overhead.

Lastly, are there differences in these behaviors for PHP4 and PHP5?

Significant differences between 4 and 5, but with regards to the above, 
I think they're more or less the same.





Re: [PHP] connectivity weirdness

2006-10-20 Thread Jon Anderson
For what it's worth, for me telnet php.net 80 (then GET ...) takes ~25 
seconds, most of which seems to be the reverse lookup. If I just telnet 
directly to php.net's IP directly and do the same, it's instant. Doing 
file_get_contents takes less than 1s numerically or not.


jon

(Replied directly to the list, 'cause I know you're on it, and I don't 
see the need for you to get two copies of the same thing. :-)


Richard Lynch wrote:

The canonical PHP example of web-scraping:
<?php echo file_get_contents('http://php.net/');?>
fails on a machine I'm using.

I'm laying out here all the things I've done and eliminated, and it
got awfully long...

Short Version:

FC4 + LAMPP on 2 different private IP boxes at day job

file_get_contents('http://php.net') hangs and times out after 2 minutes.
telnet php.net 80 | GET / HTTP/1.0 hangs and times out after 2 minutes.
wget php.net WORKS
links php.net WORKS

My windows/cygwin desktop on the same subnet WORKS
[Well, windows is broken, of course, but that's not relevant here :-)]

ping and traceroute both work fine everywhere

What configuration boo-boo from a stock FC 4 + LAMPP install could
manage to break file_get_contents and telnet, but wget and links
work?!


Long Version:

I've checked allow_url_fopen with phpinfo() and php -i
allow_url_fopen = On = On

Further analysis reveals some odd info:
telnet php.net 80
GET / HTTP/1.0
Host: php.net
[yes, I hit enter here]
just sort of hangs until it times out in TWO MINUTES

So you'd think that it's obviously the DNS records screwed up somehow,
with an extra-long 2-minute timeout instead of the usual 30 seconds.
Buuut:
wget http://php.net
works flawlessly
links http://php.net
works flawlessly

I can ping php.net just fine -- which is maybe a no-brainer with wget
and links working, but I like to check.
traceroute also looks normal to me, though I'm no expert

[aside: How come guys set things up so complex they gotta bounce my
routing between four of their own machines in the same data center? 
What's up with that? (shrug)]


So, apparently, wget and links are doing something extra that breaks
through whatever this roadblock is for file_get_contents and telnet
80.

I thought it might maybe be some kind of header redirect support that
is lacking, but then telnet 80 would behave differently, and
file_get_contents should work for that.  Plus I tried it on my own
site that does not have any kind of redirect headers going out, and
got the same results.  file_get_contents/telnet fail.  wget/links
works.

Now I realize that wget and links are vastly superior weapons and send
all kinds of extra headers.

But I can do the above script on other boxes, and it works fine, so
it's probably not the web-servers denying access on the basis of
sparse headers.

Now this could be a TWO MINUTE warning since the Bears are 5-0 or
whatever, but I think I'll ignore that possibility for now.

I'm also fairly sure it's not even a PHP problem, but don't know where
to turn, so I'm posting here in time-honored fashion :-)

If it was consistently failing no matter the software used to scrape
(php, wget, links) I'd know it was DNS or the network card or
whatever.

But what would make telnet and file_get_contents fail and timeout
after 2 minutes, while wget and links work flawlessly?

Where would I even start?  I'm checking in-house with our IT guys, but
they're mostly Windows guys, so if this is something specific to LAMP,
I'm down the tubes there.

The box is a duplicate of another box, and I installed everything
rather quickly to make them both match as far as I could tell.

Fedora Core 4
LAMPP

I don't know much about LAMPP, except they put everything in /opt
which was annoying, but it all works, so I just left it alone.

The RELEASE_NOTES document it as:
[2006-01-08] XAMPP for Linux 1.5.1

Since telnet is not acting right, I doubt that LAMPP is the culprit...

Oh, and of course I checked the other box, of which this is a
duplicate, and it behaves the same way.

The only thing I can tell you about our network topology is:
Box #1: 192.168.4.5 (the bulk of the email is about)
Box #2: 192.168.5.123 (the original just referenced)
Desktop: 192.168.4.13 (Windows box, with Cygwin, works fine)

All other Internet things I've done from my desktop work just fine --
Including the file_get_contents() referenced above.  So now I've
narrowed it down to FC4 and/or LAMPP configuration, but have no idea
what to do next.

I'm definitely not a hardware guy, and not a network admin guy either,
so hopefully all this has made the answer painfully obvious to
somebody who is and they can help this poor befuddled application
developer out. :-)

Apologies for this NNOT post, but even a pointer of where to start
would be good.  I suppose LAMPP would be my next guess, since it's
inconceivable that FC4 would be this borked without a zillion alarms
going off, but how could LAMPP manage to break this?

  



Re: [PHP] What is the smallest, fastest web server to run PHP and SSL (on a soekris box)

2006-10-18 Thread Jon Anderson
I've been through the research on that one a couple years ago, and I 
found that lighttpd/php-fcgi is the best combination...


I've run lighttpd/php (FastCGI) on many soekris boxes. PHP runs 
beautifully. I've even done it in less than 8 megs of CF with 
uClibc/busybox. I've used the Soekris net4801s, 4501s and PC-Engines 
WRAP boards. I really have to say that I'm pretty impressed at how well 
PHP performs on a minimal CPU.


If you want to chop resource usage, lighttpd is pretty slim and you can 
compile PHP with only the required modules built-in, and you only need 
to install the php fastcgi binary, nothing else. I've benchmarked apache 
v.s. lighttpd on my full-size box, and lighttpd holds its own. It would 
probably destroy apache on a resource-limited box.


On one of my 4801s, lighttpd is currently using 2M of memory, 10 PHP 
fastcgi processes appear to be using 36M. You could probably cut that 
down to however few processes you need.


jon

Daevid Vincent wrote:

I need to run a httpd server that can serve up PHP, SQL Lite, and SSL on a
little Soekris box (ie. a 486 with 32MB RAM and 32MB CF storage).

Can anyone recommend something?  


How small can Apache get?

AppWeb?
http://www.mbedthis.com
http://www.appwebserver.org/

What about lighttpd? 
http://www.lighttpd.net


Or the httpd that comes in the kernel?

tux?

Related, does anyone know of a tutorial or something that will help to
reduce Apache to only the things really needed for PHP, mySQL, SSL? Right
now, our Apache memory footprint is an astounding 120MB !!

ÐÆ5ÏÐ 

  





Re: [PHP] Send process to background

2006-10-13 Thread Jon Anderson

Richard Lynch wrote:

On Fri, October 13, 2006 11:05 am, André Medeiros wrote:
  

I am working on a backup system that needs to be called through a
webpage to start the process. I am trying to do this on a
one-file-only solution.

The thing is, the first request to the site needs to start the backup,
but I didn't want to use any command-line tools, since some of our
servers rely on safe_mode. Is there any way to send output to the
browser on this first instance, finish the request, but keeping the
PHP running and making the backup.



Probably not, at least not in a portable way.

In *some* OS configurations this might work:

<?php `backup_script_here.xyz `;?>

No promises.

  
A hack I've used was to make a standalone script, then call it via curl 
(http://localhost/path/to/script.php) with a timeout set to something 
short. Output can be sent to a file or database somewhere that can be 
read back and deleted later. That isn't pretty though...


jon




Re: [PHP] PHP Denial of service

2006-10-13 Thread Jon Anderson

Ryan Barclay wrote:
Thanks for the reply.  I can't seem to find ignore_user_abort in my 
php.ini.  I would like to do it at server level, rather than 
individual scripts.  Do you know roughly where is it?  I think there 
were some versions with this missing in the ini, which was later fixed.


I'm guessing that if ignore_user_abort is set to on, this could be the 
culprit?


Would simply adding the following to the ini work?

Ignore user abort defaults to off, and doesn't necessarily help you if 
the clients don't terminate their connections properly, or they're 
actually trying to DoS you. I think your best bet is to either use some 
lightweight detection in PHP (and maybe send an HTTP error header if 
you're getting hit), or better yet, use a firewall if one is available 
to prevent the connections from even getting to your webserver and 
wasting its resources. (If your server is running on Linux, iptables 
should be able to do what you need, and there are more complicated 
solutions too.)


jon




Re: [PHP] Memory

2006-10-12 Thread Jon Anderson
Maybe I'm doing my math wrong here, but for 1 to 9, make a 
string 9 bytes long, 10 including terminating null. (And PHP probably 
includes a little extra for overhead)...


9 * 10 bytes = 90 bytes - that's about 9 and a half gigs...

jon

Doug Fulton wrote:
I'm running out of memory even though I upped it to 
memory_limit = 500M in php.ini.

Error messages and script are below.  Thanks in advance for any tips.

$ php -c /usr/local/php5/lib/php.ini createPseudoIDs.php > crosswalk.txt
php(780) malloc: *** vm_allocate(size=1069056) failed (error code=3)
php(780) malloc: *** error: can't allocate region
php(780) malloc: *** set a breakpoint in szone_error to debug
FATAL:  emalloc():  Unable to allocate 37 bytes



<?php

// Create a complete mapping of SSNs to random Pseudo Keys


// Create array with all potential Pseudo Keys
$pseudoKeys = array();
for ($i=1;$i<=9;$i++) {
    $pseudoKeys[] = padToNine($i);
}

// Loop through all possible SSNs
$numLeft = 9;
for ($i=1;$i<=9;$i++) {
    $ssn = padToNine($i);
    // Get random index into remaining pseudo keys
    $maxRand = $numLeft-- - 1;
    $randIndex = rand(0, $maxRand);
    $pseudoKey = $pseudoKeys[$randIndex];
    array_splice($pseudoKeys,$randIndex,1);
    // Output it.
    print $ssn.":".$pseudoKey."\n";
}

function padToNine($num) {

    $final = '';

    $cnt = strlen(strval($num));
    $padding = 9 - $cnt;
    for ($i=1; $i<=$padding; $i++) {
        $final .= '0';
    }
    $final .= strval($num);

    return $final;
}
?>

  





Re: [PHP] MySQLDump and master/slave Behavior

2006-10-03 Thread Jon Anderson

David Giragosian wrote:
So, Question 1 is: does mysqldump's connection to the slave db exist 
for the

entire script execution time, or just for the length of time of its own
execution? I imagine if I used mysql_connect() in the script that it 
would

be for the entire length of the script execution, but mysqldump makes its
own connection, so I'm just not sure about this.

Running mysqldump (an external program), the connection will only exist 
while mysqldump is running. PHP's connections and that of external 
programs are mostly unrelated. Besides, your problem isn't the 
connection, it's the locking that you're worried about. You can pass 
options to mysqldump to tell it to do as little locking as possible. 
That's what I do, considering that running mysqldump on a live database 
doesn't give you a totally up-to-date snapshot anyway. (I.e. as soon as 
you take a snapshot with mysqldump, it's out of date the instant there's 
another insert/update.)

Question 2: Should I, just to be on the safe side, break out the mysqldump
code into its own script, and run it, say, 30 minutes before the tar script?

I don't think it matters. See above. I put my sql dump scripts into 
simple bash scripts that run from cron, but if you're more comfortable 
with PHP, I don't see any reason to switch nor to break it out.


jon




Re: [PHP] Alternative to FCKeditor

2006-09-24 Thread Jon Anderson

John Taylor-Johnston wrote:
Anyone know of a good alternative to FCKeditor? Or a decent file 
uploader?

Even after paying for a little help, I get zip for FCK.
I need another solution, another editor with an active forum or support,
John

TinyMCE...I don't know how good/bad TinyMCE is, but if you can't use 
FCK, you could try it.


http://tinymce.moxiecode.com/

jon




Re: [PHP] Object to array conversion oddity

2006-09-23 Thread Jon Anderson

Marcus Bointon wrote:
Sure, but don't you think that coding should at least try to be driven 
by logic rather than luck? I'm also not denying that it's not too hard 
to work around (with a function not dissimilar to what you suggested), 
but I'd really prefer it if it just did what it says on the tin. By 
its very nature, casting from object to array indicates that you no 
longer want the constraints of property protection, which an array 
can't preserve anyway, and it's not as if there are not intentional, 
documented methods of obtaining this information.

Along those lines, I think that logically, if you were to cast an Object 
to an array, it should only export the public properties. Since the 
private/protected properties aren't visible outside the class, it would 
be safe to assume that they're not for public consumption. After all, 
they're intended (by design of the class) only to be accessed via 
functions defined in the class. I think PHP's behavior is a bit odd, but 
still somewhat logical.


If you just want an array of properties, add this to your class.

   public function getPropertyArray() {
       $refClass  = new ReflectionClass(__CLASS__);
       $properties = $refClass->getProperties();

       $propArray = Array();
       foreach ($properties as $property) {
           if (!$property->isStatic()) {
               $name = $property->getName();
               $propArray[$name] = $this->$name;
           }
       }
       return($propArray);
   }

And that'll do essentially what you're asking for. You could just call 
it toArray() too, and even check for isPublic/isPrivate/isProtected for 
some additional granularity.


jon




[PHP] Object Memory Leakage...

2006-09-22 Thread Jon Anderson
Sorry folks, this is a long one...I've re-read a bunch of the 
documentation, and I can't find a solution.


In debugging an out of memory condition, I found that PHP doesn't seem 
to garbage collect unreferenced objects. It seems to work fine for 
anything other than objects. (Arrays, strings, integers, etc.)


Here's a simple example: define a class, create 3 instances, destroy 
them in reverse order. I would expect that after each unset and/or NULL, 
the memory usage would go down, they don't. See the output below.


<?php

class Tester {
   protected $test1;
   protected $test2;
   protected $test3;
   protected $test4;

   public function __construct() {
       $test1 = rand();
       $test2 = rand();
       $test3 = rand();
       $test4 = rand();
   }
}

echo memory_get_usage() . "\n";
$t1 = new Tester();
echo memory_get_usage() . "\n";
$t2 = new Tester();
echo memory_get_usage() . "\n";
$t3 = new Tester();
echo memory_get_usage() . "\n";
unset($t3);
$t3 = NULL;
echo memory_get_usage() . "\n";
$t2 = NULL;
echo memory_get_usage() . "\n";
unset($t1);
echo memory_get_usage() . "\n";


This outputs:

43344
43928
44232
44568
44640
44640
44640

Note: the memory usage remains constant after the objects are allocated, 
even when they're unset/NULL'ed.


Some of the user contributed notes on the PHP documentation suggest that 
the memory is actually freed and available for use by other 
variables/objects even though memory_get_usage() says otherwise. Another 
little test seems to disprove that too... The idea here is to allocate 
close to 8 MB, then free it to show that it can allocate that data 
within the memory limit. Then allocate enough class instances and free 
them again such that the memory usage increases enough that the same 
data allocated and freed initially doesn't fit anymore. If PHP did 
indeed free the objects, the data would fit the second time too...


<?php

ini_set('memory_limit','8m');

class Tester {
   protected $test;

   public function __construct() {
       $this->test = rand();
   }
}

echo "Initial Memory Usage: " . memory_get_usage() . "\n";

$mb = 6 * 1024 * 1024;
echo "Allocating 7 MB of data...";
$dat = "";
for ($x=0;$x<$mb;$x++) {
   $dat .= "x";
}
echo "Memory Usage: " . memory_get_usage() . "\n";
unset($dat,$x,$mb);
echo "Unset Usage: " . memory_get_usage() . "\n";

$num = 32767;
$objects = array();

echo "Initial Memory Usage (2): " . memory_get_usage() . "\n";
echo "Allocating $num objects...";
for ($x=0;$x<$num;$x++) {
   $objects[$x] = new Tester();
}
echo "Done. Memory Usage: " . memory_get_usage() . "\n";
echo "Freeing $num objects...";
for ($x=0;$x<$num;$x++) {
   unset($objects[$x]); $objects[$x] = NULL;
}
echo "Done. Memory Usage: " . memory_get_usage() . "\n";

$mb = 6 * 1024 * 1024;
echo "Allocating 7 MB of data...";
$dat = "";
for ($x=0;$x<$mb;$x++) {
   $dat .= "x";
}

This gives:

Initial Memory Usage: 44248
Allocating 7 MB of data...Memory Usage: 6335888
Unset Usage: 8
Initial Memory Usage (2): 44504
Allocating 32767 objects...Done. Memory Usage: 7752920
Freeing 32767 objects...Done. Memory Usage: 2807080
Allocating 7 MB of data...
Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to 
allocate 1 bytes) in /home/janderson/svn/memtest.php on line 44



Am I missing something? (Is there a force_garbage_collection() function 
somewhere that I'm missing?) Any suggestions/workarounds/anything would 
be most appreciated.


Cheers,

jon




Re: [PHP] Object Memory Leakage...

2006-09-22 Thread Jon Anderson

Richard Lynch wrote:

If you get no satisfaction on  PHP-General, PHP-Internals may be able
to help...
  
Might have to give that a shot...Subscribing to one more mailing list 
can't hurt I guess. :-)


Thanks for the suggestion.

You really need to specify PHP version and platform and all that,
though, as what you are seeing may not be universal.

Linux 2.6.14.(something), PHP 5.1.6 (dotdeb), Apache 2.0.54, Debian 
Sarge i386. All that running on dual Opterons with a couple gigs of ECC 
with a couple hundred gigs of mirrored hardware SCSI raid. The kernel is 
x86-64, but most of userland is 32-bit.


Cheers,

jon




Re: [PHP] Frustrated trying to get help from your site

2006-09-18 Thread Jon Anderson

Jay Blanchard wrote:

So let me send a rant to other users, in fact a general list of users,
because I cannot read. If I could I would know that I subscribed to a
list where questions are asked to other users rather than me trying to
send an e-mail to the president of PHP (a hat worn proudly). The entire
site is documentation and anywhere from one to five minutes of even the
lightest reason would have spelled that out, not to mention that the
second link across the top of the page says in very vague terms,
'documentation'. Is this a run on paragraph? I am asking because English
is incredibly frustrating and difficult to use.

Department of Technology indeed.
  
As an aside, I think that the online and offline (downloadable) PHP 
documentation is probably the clearest, best organized and complete set 
of documentation for any programming language I've run into online.


I honestly think that the PHP coders/documentors deserve a lot of 
gratitude for the immense effort that must have gone into documenting 
the immense list of built-in stuff that PHP has.


jon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] security include from remote server

2006-09-15 Thread Jon Anderson

Miguel Vaz wrote:
Yes, 10 minutes after i sent my last email i realized that. 
They would be txt files, easily read anywhere.


Encoders, you say? What do you mean? 

This is one example. There are many more.

http://www.zend.com/products/zend_guard

I'm not sure if there are any open-source encoders, but I wouldn't be 
surprised either way.


jon




Re: [PHP] security include from remote server

2006-09-14 Thread Jon Anderson

Brad Fuller wrote:

Miguel -

  
 If my solution is not viable, is there any other way of hosting my 
 files someplace else, but still access the local database?



Yes.  Your remotely hosted code would call the database on your local
server.  Something like:

<? $link = mysql_connect("foo.com", "bar", "PASSWORD"); ?>

You would also need to allow the connection from the remote host in mysql.

mysql> GRANT ALL ON foo.* TO bar@'202.54.10.20' IDENTIFIED BY 'PASSWORD';

If you don't want to expose your database directly to the internet, you 
could have a PHP intermediary service - your local code could be limited 
to one PHP script that would enforce HTTP authentication (over https to 
maintain security), and could forward SQL queries and responses from the 
database. Your remote code could call the local intermediary service.


I personally don't understand why you'd need to store code remotely but 
execute it locally, unless you're concerned about the office stealing 
your code, or using it without permission...If you aren't concerned 
about code theft, there are lots of ways you could store code remotely, 
e.g. a very raw/simple/uncomplicated/ugly:


$src = file_get_contents('http://server/code.php.txt');
file_put_contents('/tmp/code.php',$src);
include('/tmp/code.php');
unlink('/tmp/code.php');

But there are at least a few reasons why I wouldn't recommend doing that...

jon
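
The fetch-and-include snippet above runs whatever the remote server returns and stages it at a fixed path in /tmp. As an added example (not part of the original message), the variant below pins a SHA-256 digest of the reviewed code and stages it in a private temporary file; includeVerified() is a hypothetical name, and a local file stands in for the URL so the demo runs offline.

```php
<?php
// Added example, not code from the thread.

/**
 * Fetch PHP source from $url, compare it with a pinned SHA-256 digest and
 * include it only when the digest matches.
 * Returns true if the code was included, false if it was rejected.
 */
function includeVerified(string $url, string $expectedSha256): bool
{
    $src = @file_get_contents($url);
    if ($src === false) {
        return false;                   // fetch failed: run nothing
    }
    // hash_equals() compares the two digests in constant time
    if (!hash_equals(strtolower($expectedSha256), hash('sha256', $src))) {
        return false;                   // content is not what was reviewed
    }
    // tempnam() creates a uniquely named file with mode 0600; a fixed
    // /tmp/code.php can be pre-created or swapped by another local user.
    $tmp = tempnam(sys_get_temp_dir(), 'inc');
    if ($tmp === false) {
        return false;
    }
    try {
        file_put_contents($tmp, $src);
        include $tmp;
    } finally {
        unlink($tmp);
    }
    return true;
}

// Constructed demo: a local file plays the role of http://server/code.php.txt
$remote = tempnam(sys_get_temp_dir(), 'src');
file_put_contents($remote, "<?php function remote_hello() { return 'hello from verified code'; }\n");
$pinned = hash_file('sha256', $remote);     // digest recorded when the code was reviewed

// Digest matches, so the code is included and its function becomes callable
var_dump(includeVerified($remote, $pinned));
echo remote_hello(), "\n";

// The "server" now returns different content: the digest check rejects it
file_put_contents($remote, "<?php echo 'tampered';\n");
var_dump(includeVerified($remote, $pinned));

unlink($remote);
```

The digest only helps if it reaches the local script over a channel the remote server does not control, for example as a constant deployed with the local code.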




Re: [PHP] Iteration through letter

2006-09-14 Thread Jon Anderson

Norbert Wenzel wrote:

Hi,

just for fun I tried the following code:

<code>
for($letter = 'A'; $letter <= 'Z'; ++$letter) {
    echo($letter . ' ');
}
</code>

What surprised me was the output, which looked like this:

A B C [...] Y Z AA AB AC [...] YY YZ

I don't have any idea how these letters get printed out, so I'd 
appreciate any guesses or explanations. 

This was discussed a lot a couple months back (Rasmus answered it about 
20 times). This is my rendition.


When you increment a string, you get:

'A' + 1 is 'B'
...
'Z' + 1 is 'AA'

Because of how string comparisons go, 'AA' is greater than 'Z' (strings 
are compared letter by letter), so the loop won't terminate at 'Z', like 
you'd expect.


jon




Re: [PHP] security include from remote server

2006-09-14 Thread Jon Anderson

Miguel Vaz wrote:
Yes, right on the spot. Main reasons being code theft and 
using it on other projects. This being done by our office (it's 
actually a college and I work in a multimedia department) system 
administrators, which are nothing left than arrogant leeches.


All I was missing from your suggestion was the fact that I 
would need to have my files remotely hosted and not using the .php 
extension. Great help, thanks. 

If your sysadmins are trying to steal the code, all they'd have to do is 
download the same code your local scripts refer to 
(http://server/code.php.txt)... Seems to me that you might be better off 
using an encoder of some kind so they don't get their hands on the 
source. Using what I suggested is in no way secure or fast.


jon




Re: [PHP] Question on explode and join.

2006-09-13 Thread Jon Anderson

Beauford wrote:

I have a form which I want to check for inappropriate words before it is
posted. I have used explode to put the string into an array using a space as
the delimiter and then I check it against another array that contains the
inappropriate words.
I then replace the inappropriate words with *'s and join the array back into
a string.

This works perfectly except for one thing.

If the word in the string has any kind of punctuation after it (period,
comma) it won't be matched.

So if "moron" is an inappropriate word then "you are a moron" works, but "you
are a moron." won't.

Any ideas?


$filtered = str_ireplace(array('naughty','words'),array('*','*'),$_POST['input_string']);


jon 





Re: [PHP] Re: Newbie question about <?= ?>

2006-09-11 Thread Jon Anderson

Satyam wrote:

for ($x=0;$x<1000;$x++) {
   echo '<tr><td>X is ' , $x , '</td></tr>';
}

This seems to be a hair faster. I extended the test to 1 requests 
(still concurrency 10) to make the test a little more reproducible:


echo str,var,str did 604.65 requests a second where <tr><td><?= $x 
?></td></tr> did 599.63 requests a second. I also tried echo str . var . 
str, and it came in at about 584.55 requests a second.  printf("str %i 
str",var) came out at 547.01 requests a second and printf("str %s 
str",var) was only 452.03 requests a second.

Can you try and time that one so we have comparable results?  This one 
should be second best:


for ($x=0;$x<1000;$x++) {
   echo "<tr><td>X is $x</td></tr>";
}

Approximately 330 (?!) requests a second for that one.

Back again to what would be 'longer', well, in your example, the whole 
header, up to the loop itself should be faster if sent out of PHP. 
Likewise, you could echo $buffer right after the loop, drop out of PHP 
and send the footer as plain HTML.  This, of course, is harder to time 
since it happens only once.  I admit though that I did time the 
options I listed and on the 'dropping in and out of PHP' I'm relying 
on the PHP manual ( see 
http://www.php.net/manual/en/language.basic-syntax.php, the first 
paragraph after the examples) and the source of the lexical scanner, 
which supports that, though your numbers do contradict it.  Interesting. 

I'm not sure that my results would count as contradictory - I'm running 
APC which would likely throw performance related numbers out of whack as 
compared to out-of-the-box PHP.


Because of that, I wouldn't recommend anyone take my numbers too 
seriously - they're just an example taken from my server: 1.8 GHz 
SMP/1G/RAID5/Linux 2.6.17.7/Apache 2.2.3/PHP 5.1.6/APC 3.0.12p2. Anyone 
else's results would probably vary widely.


jon




Re: [PHP] Re: Newbie question about <?= ?>

2006-09-10 Thread Jon Anderson

Al wrote:
Structurally, there is a far better way to compile your html pages.  
This approach is easier to design and debug and it is faster since it 
sends one complete packet instead of one for every short tag. And, it 
saves using ob_start() and ob_flush().


Consider:

$report= '';

$report .= function() [or whatever]

. repeat as necessary to assemble your complete page.

Then simply

echo $report;

I thought I'd look into this, because I'm a bit of a performance nut - I 
like my code to run as fast as possible at all times. I wrote up a 
quick buffer vs. direct benchmark for this, and the winner is clear: 
direct output is much faster. (If my example below isn't what you 
meant, please let me know. I'm always happy to hear new ways to 
improve my code.)


Best of 3 runs with apache bench (concurrency 10, 1000 requests total):
Direct output: 582 requests a second
Buffer var: 286 requests a second

I believe the margin would get wider with real-world usage, as the 
buffer variable would increase in size. My test code is copied below.


jon

--- Direct output: testecho.php ---

<html>
<head>
<style type="text/wastespacetosimulateastylesheet">
style1 {
   a = 1;
   b = 2;
   c = 3;
   d = 4;
   e = 5;
   f = 6;
}
style2 {
   a = 1;
   b = 2;
   c = 3;
   d = 4;
   e = 5;
   f = 6;
}
style3 {
   a = 1;
   b = 2;
   c = 3;
   d = 4;
   e = 5;
   f = 6;
}
style4 {
   a = 1;
   b = 2;
   c = 3;
   d = 4;
   e = 5;
   f = 6;
}
</style>
</head>
<body><table>

<?php for ($x=0;$x<1000;$x++) { ?>
   <tr><td>X is <?= $x ?></td></tr>
<?php } ?>

</table></body>
</html>

--- Buffered output: testbuffer.php ---

<?php

$buffer = '
<html>
<head>
<style type="text/wastespacetosimulateastylesheet">
style1 {
   a = 1;
   b = 2;
   c = 3;
   d = 4;
   e = 5;
   f = 6;
}
style2 {
   a = 1;
   b = 2;
   c = 3;
   d = 4;
   e = 5;
   f = 6;
}
style3 {
   a = 1;
   b = 2;
   c = 3;
   d = 4;
   e = 5;
   f = 6;
}
style4 {
   a = 1;
   b = 2;
   c = 3;
   d = 4;
   e = 5;
   f = 6;
}
</style>
</head>
<body><table>';

for ($x=0;$x<1000;$x++) {
   $buffer .= "<tr><td>X is $x</td></tr>";
}

$buffer .= '</table></body>
</html>';

echo $buffer;
?>




Re: [PHP] Memcache function usage

2006-09-09 Thread Jon Anderson

Chris wrote:

Hi,
 I'm trying to use memcache ( 
http://uk2.php.net/manual/en/function.memcache-add.php ) but I'm having a 
problem.


When using the add/set functions I want to set an expire time, but don't want 
the data to be compressed (using small strings it seems silly to try to 
compress), what do I put for flags to allow me to use the extra expire 
parameter?

Just pass NULL or 0 as the flags argument, and pass the expiry time as 
usual. E.g. $obj->add/set($var,$val,0,$expiry)


jon




Re: [PHP] Re: How to add user to linux using php

2006-09-08 Thread Jon Anderson

Michelle Konzack wrote:

On 2006-09-05 08:36:21, Jon Anderson wrote:

  
Or create a simple shell/perl/php/whatever wrapper for adduser, and 
allow sudo for that wrapper by the web server user only.


For example, you could create a wrapper that only allows one 
alphanumeric argument for the username, and another for the password. 



That would not be POSIX compliant...

A USERNAME must be:

^[A-Za-z_][-_.A-Za-z0-9]*

So the allowed chars should at least:

-_.A-Za-z0-9
  
IMO, what characters you allow in usernames on your systems is unrelated 
to POSIX. It's a policy decision. POSIX merely defines what compliant 
operating systems (and components) must support.


I only allow usernames with 5-8 alphabetic characters on systems that I 
manage - as a human, I'm not POSIX compliant? ;-)

But this can be easily checked in PHP.
And ONLY after this passed to your wrapper script.

They can also be easily checked from your wrapper with sed, wc, grep, 
etc. - if your web server is compromised, you don't want to allow the 
person to execute a script that doesn't properly check its input 
parameters. (That's my paranoia talking. :-)


jon




Re: [PHP] How to add user to linux using php

2006-09-05 Thread Jon Anderson

J R wrote:
1. give user apache the adduser privilege (which is very unsecure), then
execute shell_exec as root would.
2. create a root process like a cron job which will start at boot of your
server, then on your shell_exec pass your command to that process and have
that root process execute that command (bit more secure). 

Or create a simple shell/perl/php/whatever wrapper for adduser, and 
allow sudo for that wrapper by the web server user only.


For example, you could create a wrapper that only allows one 
alphanumeric argument for the username, and another for the password. 
The wrapper could use defaults like /home/webusers/username, and 
/bin/false as the shell, etc, etc.


jon

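The wrapper suggested in this message, with the input checks from the 2006-09-08 follow-up done inside the wrapper itself, as an added example (not code from either post). The script name `add-webuser`, the sudoers line, the `www-data` account and both validation policies are assumptions; the password is read from stdin rather than taken as a second argument so that it does not appear in the process list.

```php
<?php
// Added example: sudo-only wrapper around useradd (hypothetical name add-webuser).
// Hypothetical sudoers entry; the web server account name is an assumption:
//   www-data ALL=(root) NOPASSWD: /usr/local/sbin/add-webuser

const USERADD     = '/usr/sbin/useradd';   // absolute path, no PATH lookup
const HOME_BASE   = '/home/webusers';      // default named in the message
const LOGIN_SHELL = '/bin/false';          // default named in the message

/** Assumed site policy: 5-8 characters, lowercase letter first, then letters/digits. */
function valid_username(string $name): bool
{
    // \A...\z match the whole string; "$" would also accept "name\n".
    return preg_match('/\A[a-z][a-z0-9]{4,7}\z/', $name) === 1;
}

/** Assumed policy: 8-64 printable ASCII characters, so no NUL or newlines. */
function valid_password(string $password): bool
{
    return preg_match('/\A[\x20-\x7e]{8,64}\z/', $password) === 1;
}

/** Validate both values and return the argument vector for useradd. */
function build_useradd_argv(string $name, string $password): array
{
    if (!valid_username($name)) {
        throw new InvalidArgumentException('username rejected');
    }
    if (!valid_password($password)) {
        throw new InvalidArgumentException('password rejected');
    }
    // useradd -p takes a crypt(3) hash, not the clear-text password.
    $hash = crypt($password, '$6$' . bin2hex(random_bytes(8)) . '$');
    if (strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('SHA-512 crypt unavailable');
    }
    return [USERADD, '-m', '-d', HOME_BASE . '/' . $name,
            '-s', LOGIN_SHELL, '-p', $hash, $name];
}

/** Execute without a shell: the array form of proc_open() needs PHP 7.4+. */
function run_argv(array $cmd): int
{
    $proc = proc_open($cmd, [1 => STDOUT, 2 => STDERR], $pipes, '/', []);
    return is_resource($proc) ? proc_close($proc) : 127;
}

/** Real use: add-webuser <username>, password on the first line of stdin. */
function main(array $args): int
{
    $password = rtrim((string) fgets(STDIN), "\r\n");
    try {
        return run_argv(build_useradd_argv($args[1], $password));
    } catch (Exception $e) {
        fwrite(STDERR, $e->getMessage() . "\n");
        return 65;
    }
}

if (PHP_SAPI === 'cli' && $argc === 2) {
    exit(main($argv));
}

// No argument given: run constructed inputs through the checks instead.
$samples = [
    ['alice1', 'correct horse 42'], ["alice1\n", 'correct horse 42'],
    ['bob', 'correct horse 42'],    ['mallory;id', 'correct horse 42'],
    ['-ofoo1', 'correct horse 42'], ['carol7', 'short'],
];
foreach ($samples as [$name, $password]) {
    try {
        $cmd = build_useradd_argv($name, $password);
        $cmd[7] = '<hash>';   // keep the printed command short
        echo 'accept ', json_encode($name), ' => ', implode(' ', $cmd), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'reject ', json_encode($name), ': ', $e->getMessage(), "\n";
    }
}
```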



Re: [PHP] Is this unsecure?

2006-09-05 Thread Jon Anderson

Ruben Rubio wrote:

md5 is unsecure.
Use sha1 ( http://www.php.net/sha1 ) instead

SHA1 has also been partially broken. Until more hash algorithms work 
their way into PHP, using both md5 and sha1 plus the remote IP as 
mentioned in a previous email would certainly add to the security of the 
system.


Personally, I think that md5 is fine for the purpose outlined. I believe 
that md5's weakness is in that it's possible to generate collisions, so 
since in this case the original email is known, collisions are less 
relevant. (They're trying to crack the password that is the appended 
letters, by brute-forcing combinations of <character group 
1><email><character group 2>. It seems to me that collisions don't 
help. Please correct me if I'm wrong - I'm definitely no cryptographer. ;-)


jon




Re: [PHP] How to add user to linux using php

2006-09-04 Thread Jon Anderson

eqla3.com eqla3.com wrote:
is there any way to add user and apply password by executing shell command
through php?

Depending on the distribution, you should have a user addition command 
that takes a password argument. In my case, useradd <other args> -p 
'password' <user>. Check the manual page for adduser, useradd or your 
distribution's variant.


Worst case, you can even make a wrapper around the command with shell 
script that'll do the multiline echo for you.


jon




Re: [PHP] Texture and wrap

2006-08-31 Thread Jon Anderson

Emil Edeholt wrote:
I would like to output an image from php where an input image is 
textured and wrapped around a frame. Like when you assemble a canvas 
on a frame (on, not under). So I get a sort of canvas looking texture 
on the image and that the edges of the image are wrapped around the 
sides of the frame in a 3d-ish look.

Your description is pretty ambiguous, so I'm going to take a guess...

I think what you're talking about is essentially doing 3D rendering. 
Taking an arbitrary shape made of polygons (the frame) and wrapping a 
texture around it to form a 3d-ish looking object...?


I'm not familiar with any way of doing it, but:
- http://pear.php.net/package/Image_3D might be a start
- http://www.icarusindie.com/DoItYourSelf/rtsr/php3d/ has a pretty neat 
little writeup on how to do software 3D rendering in PHP. You could use 
the same principles to do 3D.



jon




Re: [PHP] Re: character set when sending emails with PHP

2006-08-30 Thread Jon Anderson

Angelo Zanetti wrote:
thanks for the reply, I've got the classes now how do I know which 
character set to use for the TM to be shown correctly?


Character sets can be a nasty business...

You were using the ISO-8859-1 character set in your headers. TM doesn't 
exist in that character set. That's why it showed up as a box in many 
email clients.


You should probably find out what character set you're 
using/storing/sending - if you're using Windows, it's probably Windows 
CP1252 (http://en.wikipedia.org/wiki/CP1252). UTF-8 (and many others) 
also support(s) the TM symbol, but chances are that your OS doesn't use 
UTF-8 by default.


You can use PHP's multi-byte string functions to manipulate character 
sets, but be warned that there are tricks to it, for example, 
mb_detect_encoding will detect CP1252 as ISO-8859-x, so you have to 
manually specify CP1252 for conversion if you're sure that's the source 
character set. (There are other character sets that seem to have similar 
behavior too.)


Of course email needs to be sent in 7-bit ASCII, so you'd need to encode 
your message with quoted-printable or equivalent. The classes mentioned 
earlier probably accomplish this.


jon




Re: [PHP] S: function to remove break URLs

2006-08-27 Thread Jon Anderson

RalfGesellensetter wrote:

Dear list,

does anybody of you know these spammers filling up your guestbook with 
URLs? With strip_tags, I managed to remove the html tags. But what I 
want is this:


1. Detect such entries (to hide them by default)
2. Destroy URLs 

As for 2. I am thinking of adding spaces after at least every 12 
characters (or even after every dot) - what do you recommend?

Just removing "http://" still leaves the domain behind.

A good start could be to replace "." by ". " and "/" by " / ".

Guestbook spam (and comment spam) is something I'd like to try to 
eliminate altogether myself. I don't think there are any one-size-fits-all 
solutions out there yet for detection/elimination. I'd personally 
like to hear any effective solutions people have found in PHP to combat 
this stuff.


In reference to the detection part; In my case, 95%+ of the spam entries 
have links that contain one of about 5 words (casino, pharm, drug, 
stock, or invest), so I could eliminate most spam by automatically 
trashing all entries that contain a link with one of those key words. I 
don't know if you're lucky enough to have spammers as predictable as 
mine, so that may not be an effective solution for anyone but me.


In terms of destroying URLs, what happens when a real guest wants to  
put a URL in their entry? Seems to me that you might be overshooting...


You might be better off finding some way of preventing the data from 
even entering the system, for example, a captcha type system. They have 
accessibility problems, but I've read about solutions that use simple 
JavaScript to automatically enter the captcha code into the correct 
field and hide the captcha and the field so that the whole process is 
transparent to the user (including users with screen readers), whereas 
if JS is disabled, the captcha is shown and the code must be entered. 
This is based on the assumption that current spam robots don't 
incorporate a JavaScript execution engine. Not sure how effective it is, 
but it's an interesting idea.


Anyone want to share some spam-fighting success stories?

jon

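The detection heuristic described in this message (hide entries whose links contain one of a few key words), as an added example that is not part of the original post. The five key words come from the message; the link pattern, the percent-decoding step, the function names and the sample entries are assumptions constructed for illustration.

```php
<?php
// Key words from the message above; everything else here is an assumption.
const SPAM_LINK_WORDS = ['casino', 'pharm', 'drug', 'stock', 'invest'];

/** Return every URL-like token in $text (http/https links and bare www. hosts). */
function extract_links(string $text): array
{
    preg_match_all('~\b(?:https?://|www\.)[^\s<>"\']+~i', $text, $m);
    return $m[0];
}

/** Return [link, keyword] pairs for every link that contains a listed key word. */
function spam_links(string $text): array
{
    $hits = [];
    foreach (extract_links($text) as $link) {
        // Decode %xx escapes and lowercase so "ph%61rm" and "CASINO" still match.
        $haystack = strtolower(rawurldecode($link));
        foreach (SPAM_LINK_WORDS as $word) {
            if (strpos($haystack, $word) !== false) {
                $hits[] = [$link, $word];
                break;   // one key word per link is enough
            }
        }
    }
    return $hits;
}

// Constructed guestbook entries.
$entries = [
    'Lovely site, greetings from Hamburg!',
    'Cheap pills at http://best-pharmacy.example/buy',
    'WIN BIG www.CASINO-royal.example',
    'see http://shop.example/ph%61rm/offers',
    // Key words outside a link do not count, and a normal link stays visible.
    'I invest in stock photos, see http://photos.example/me',
];

foreach ($entries as $entry) {
    $hits = spam_links($entry);
    printf("%-6s %s\n", $hits ? 'hide' : 'show', $entry);
    foreach ($hits as [$link, $word]) {
        printf("       matched '%s' in %s\n", $word, $link);
    }
}
```

Entries flagged this way are hidden by default rather than deleted, so a moderator can restore a real guest's link.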



Re: [PHP] Mail reply-path

2006-08-15 Thread Jon Anderson

bob pilly wrote:

I'm trying to send emails using the mail() function but I'm having a problem. 
Because the box that the scripts sit on is a shared web-hosting package the 
Reply-path part of the header always comes up as [EMAIL PROTECTED] but I have 
set the from part of the header to [EMAIL PROTECTED] A lot of people are not 
getting the emails (most are) and I'm picking that it's because the domains on 
the 2 header parts are different and they have some sort of antispam policy 
which blocks these. Apart from changing the domains or email addresses to be 
the same has anyone seen this problem before and if so can you give advice or 
point me to some relevant docs on it? I have tried to change the Reply-path: 
part of the header with code but it seems to default to the above.

I think you're looking for the 'Return-Path' header rather than the 
reply-path. (Or perhaps even Reply-To?)


Try something like this:

$from = 'A User <[EMAIL PROTECTED]>';
$eol = "\r\n"; /* or sometimes \n */
$headers  = "Return-Path: $from$eol";
$headers .= "From: $from$eol";

mail($to,$subject,$message,$headers);




Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson

Andrei wrote:

Then get a SSL certificate and let the browser do the job. If you do it
with JavaScript or open-code language why shouldn't I just take your
code and sniff the data you/the browser sends and decrypt it.

Just playing devil's advocate here... But I believe that if implemented 
properly, encryption/decryption on the client could be secure, for 
example a Diffie-Hellman key exchange with AJAX, followed by encryption.


jon




Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson

Jay Blanchard wrote:

[snip]
Just playing devil's advocate here... But I believe that if implemented 
properly, encryption/decryption on the client could be secure, for 
example a Diffie-Hellman key exchange with AJAX, followed by encryption.

[/snip]

Doesn't matter the key, you must use SSL to encrypt from client to
server.
  
Why *must* you use SSL? Again, devil's advocate here (SSL is probably 
much better) but that doesn't mean that you can't use some crazy JS and 
PHP to implement some alternative encryption technique. (Say a symmetric 
algorithm that isn't implemented in any standard SSL implementations, or 
a proof of concept etc.)


For example:
- Client (javascript) and Server (PHP script) decide on some key via 
secure key negotiation.
- One end encrypts message using key and wacky encryption algorithm, 
other end decrypts it. Same thing again, client/server reversed.


SSL is obviously the recommended, trusted, proven, and accepted way of 
sending secure data, but there could potentially be cases where someone 
would want to try something else. It's not that it can't be done, it's 
more that there's no reason to do it that way. :-)


jon




Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson

Jay Blanchard wrote:

This still leaves any Javascript exposed, doesn't it?
  
Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc 
are all publicly available, why bother hiding their JavaScript 
implementations? Only the data would be encrypted.


jon




Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson

Jay Blanchard wrote:
Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc 
are all publicly available, why bother hiding their JavaScript 
implementations? Only the data would be encrypted.

[/snip]

So, you're suggesting that you can use Ajax or some other mechanism to
hide the key on the server?
  
There's no hiding. You could use a secure key exchange mechanism, such 
as Diffie-Hellman.


Diffie-Hellman is used to generate a shared key between two hosts (say 
A and B) such that each host knows the key, but any third party 
listening in on the information is unable to trivially reconstruct the key.


See: http://en.wikipedia.org/wiki/Diffie-Hellman

jon




Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson

Jay Blanchard wrote:

I am quite familiar with Diffie-Hellman and have used it extensively with
PGP and can see how it would be used like this, but isn't this a munged
fix as opposed to using SSL?
  

Yep. :-)

There are cases (testing new algorithms, proof of concept, something I 
haven't thought of, etc.) where you either can't or might not want to 
use SSL. Though as myself and others have said, SSL should clearly be 
the preferred option. The question isn't whether it should be done, but 
whether it could. ;-)


jon




Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson

Robin Vickery wrote:

How about if the third party can control one side of the transaction
by altering the javascript that implements it while in transit -  for
instance by adding a couple of lines that transmit the key to the
third party after the key exchange? 

If the algorithm written in JavaScript is both trusted and installed 
beforehand (like SSL libs)


You're right though. Without having some trust mechanism, the whole 
thing could collapse. In fact, if you're using Diffie-Hellman, and have 
a third party in the middle that is capable of altering data, they don't 
even have to alter the code. They can simply use the man-in-the-middle 
attack, and I don't think anyone would bother writing certificate 
handling functions in JavaScript to authenticate each party. :-)


jon

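The Diffie-Hellman exchange described earlier in this thread and the man-in-the-middle problem raised in this message, as one added example (not code from any of the posts). The toy group (p = 2^31 - 1, g = 7), the function names and the HMAC tag under a long-term key, which stands in for the certificate check that SSL performs, are assumptions; it needs 64-bit PHP 7 or later.

```php
<?php
// Toy group (assumption): p = 2^31 - 1 with generator 7. Real use needs a
// 2048-bit or larger group; this size only keeps the arithmetic in 64-bit ints.
const P = 2147483647;
const G = 7;

/** Square-and-multiply modular exponentiation. */
function modpow(int $base, int $exp, int $mod): int
{
    $result = 1;
    $base %= $mod;
    while ($exp > 0) {
        if ($exp & 1) {
            $result = ($result * $base) % $mod;
        }
        $base = ($base * $base) % $mod;
        $exp >>= 1;
    }
    return $result;
}

/** Pick a private exponent and compute the public value g^private mod p. */
function dh_keypair(): array
{
    $private = random_int(2, P - 2);
    return ['private' => $private, 'public' => modpow(G, $private, P)];
}

/** Derive the shared key from the peer's public value and our private exponent. */
function dh_shared(int $theirPublic, int $myPrivate): int
{
    if ($theirPublic < 2 || $theirPublic > P - 2) {
        throw new RangeException('public value out of range');
    }
    return modpow($theirPublic, $myPrivate, P);
}

/** Attach a tag under a long-term key (stand-in for a certificate signature). */
function sign_public(string $authKey, string $sender, int $public): array
{
    return ['sender' => $sender, 'public' => $public,
            'tag' => hash_hmac('sha256', "$sender:$public", $authKey)];
}

/** Return the public value only if its tag verifies. */
function accept_public(string $authKey, array $msg): int
{
    $expected = hash_hmac('sha256', $msg['sender'] . ':' . $msg['public'], $authKey);
    if (!hash_equals($expected, $msg['tag'])) {
        throw new RuntimeException('public value failed authentication');
    }
    return $msg['public'];
}

$client = dh_keypair();   // JavaScript side in the thread
$server = dh_keypair();   // PHP side in the thread

// 1. Undisturbed exchange: only the two public values cross the wire.
$k1 = dh_shared($server['public'], $client['private']);
$k2 = dh_shared($client['public'], $server['private']);
echo 'same key on both ends:       ', var_export($k1 === $k2, true), "\n";

// 2. A party that can rewrite traffic replaces each public value with its own.
$relay = dh_keypair();
$kc = dh_shared($relay['public'], $client['private']);
$ks = dh_shared($relay['public'], $server['private']);
echo 'client and server agree:     ', var_export($kc === $ks, true), "\n";
echo 'relay holds the client key:  ',
    var_export(dh_shared($client['public'], $relay['private']) === $kc, true), "\n";

// 3. Same rewrite, but the server's value carries a tag the client verifies.
$authKey = random_bytes(32);   // long-term key both ends already trust
$msg = sign_public($authKey, 'server', $server['public']);
$msg['public'] = $relay['public'];   // rewritten in transit
try {
    dh_shared(accept_public($authKey, $msg), $client['private']);
} catch (RuntimeException $e) {
    echo 'exchange aborted:            ', $e->getMessage(), "\n";
}
```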



Re: [PHP] APC - problems with CLI odd return values from apc_clear_cache()

2006-07-28 Thread Jon Anderson

Just replying to the list on this one 'cause I'm pretty sure you're on 
it. :-)


AFAIK, with many caches the web server cache and CLI caches are 
exclusive to each process. The APC manual seems to suggest that the CLI 
cache is not connected to the web server cache:


From: http://ca.php.net/manual/en/ref.apc.php

apc.enable_cli *integer* 
http://ca.php.net/manual/en/language.types.integer.php


   Mostly for testing and debugging. Setting this enables APC for the
   CLI version of PHP. Normally you wouldn't want to create, populate
   and tear down the APC cache on every CLI request, but for various
   test scenarios it is handy to be able to enable APC for the CLI
   version of APC easily.



jon

Jochem Maas wrote:

hi people,

PHP version:5.1.1   (last built: Dec 28 2005 16:03:22)
APC version:3.8.10
Apache version: 2.0.54  (last built: Dec 29 2005 14:04:16)
OS: debian

I have a script that runs via the cmdline, it's used to import/update data
in a database, after the script is run the APC cache needs to be cleared so
that the new/updated data is visible on the website. to do this I call a static
method of my cache management class which effectively performs the following:

apc_clear_cache();
apc_clear_cache("user");

this used to work, but now it does not (at least not on the cmdline; calling the
above mentioned method via a webrequest still works). I have not recently updated
php, apc or apache, neither have made any changes to the php.ini configuration.
someone else may have updated the OS/system (and I can't rule out that .

to test the problem I ran the following code at the cmdline:

# php -r 'var_dump( ini_get("apc.enable_cli"),
apc_clear_cache(),
apc_clear_cache("user") );'

this is the output I get:

string(1) "1"
NULL
bool(true)

so apc is enabled for the cli, cache clearance seems to work but when I
check the output of the apc.php file (shipped with the apc package) I see
that nothing has been cleared; performing the same apc_clear_cache() calls (by
way of pressing the buttons on the page output by apc.php) via the webserver
module *does* clear the cache.

it seems all of a sudden that the CLI and the apache SAPI are looking at
different caches - running apc_cache_info() & apc_sma_info() on the
commandline show nothing in the cache whereas viewing the stats produced by
apc.php (via the webserver) shows plenty of stuff in the cache (both before and
after running apc_cache_info() & apc_sma_info() on the commandline)

can anyone offer some help/idea/etc?


Another Thing:
===
although the manual states that apc_clear_cache() should always return a boolean
calling the function without any args *always* returns NULL. can anyone say
whether this is a bug or a documentation problem?


My APC ini settings (as defined in a separate apc.ini):
===


; Enable APC  extension module
extension   = apc.so

[APC]
apc.enabled = 1
apc.shm_segments= 2
apc.shm_size= 128
apc.optimization= 0
apc.num_files_hint  = 2000  ; ?
apc.ttl = 180
apc.gc_ttl  = 0
apc.slam_defense= 0
apc.file_update_protection  = 0 ; 1
apc.cache_by_default= 1
apc.enable_cli  = 1
apc.filters = -.*\.class\.php

;   +\.tpl\.php,+.*\.interface\.php,+.*\.funcs\.php
;   +.*\.class\.php

;apc.max_file_size  = 8M
apc.user_entries_hint   = 0
apc.user_ttl= 0

; this fixes a bug that causes $_SERVER not to be defined on 2nd/subsequent requests
auto_globals_jit= Off

  





Re: [PHP] captcha and blacklist

2006-07-25 Thread Jon Anderson

So you want a blacklist that bans IPs for some amount of time, and 
that's capable of sharing the blacklist between multiple HTTP servers...


Seems to me that you need some sort of central or shared database...I'm 
not quite sure why SQL wouldn't be an option, but it seems to me that it 
should be. You could also use something like memcache on one of the 
servers to store blocked IPs. It would likely be somewhat faster than 
SQL, and is simpler as well. Memcache has a built-in timeout mechanism 
that could work rather well for that sort of thing as well.


If you need to block IPs without using a PHP solution, you could hack 
something together with your platform's native firewall utility (e.g. 
iptables/netfilter for Linux). It seems to me that DNS would be even 
more of a kludge.


I believe that memcache or SQL would be a significantly cleaner solution.

jon

nicolas figaro wrote:

Hi,

I'd like to set a captcha on my web server(s).

The code works quite fine, but I'd like to blacklist (for an amount of 
time) the ips that failed with the captcha x times.

The web server works with an SQL server, but I cannot ask the page to 
check for each IP with a request to the database.

I can't also store the blocked IP to a filename on the server, because 
the site is served by several http servers.

I thought about a DNS server for the blacklist (the same way it works 
for antispam), but perhaps someone has a better idea ?

thanks

N F



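The memcache approach suggested in this reply, using the cache's own expiry as the ban timer, as an added example (not code from the thread). `ArrayCache` is an in-memory stand-in written here with the `add`/`set`/`get`/`increment` signatures of the PECL Memcache class so the example runs without a server; the thresholds, key names and the documentation-range IP addresses are assumptions.

```php
<?php
/** In-memory stand-in with the add/set/get/increment signatures of PECL Memcache. */
class ArrayCache
{
    private $items = [];   // key => [value, expiresAt]
    public $now = 0;       // constructed clock, advanced by the demonstration

    private function live($key): bool
    {
        return isset($this->items[$key]) && $this->items[$key][1] > $this->now;
    }
    public function add($key, $var, $flag = 0, $expire = 0)
    {
        if ($this->live($key)) {
            return false;   // add never overwrites a live key
        }
        return $this->set($key, $var, $flag, $expire);
    }
    public function set($key, $var, $flag = 0, $expire = 0)
    {
        // An expiry of 0 means "never expires", as in memcache.
        $this->items[$key] = [$var, $expire > 0 ? $this->now + $expire : PHP_INT_MAX];
        return true;
    }
    public function get($key)
    {
        return $this->live($key) ? $this->items[$key][0] : false;
    }
    public function increment($key, $value = 1)
    {
        if (!$this->live($key)) {
            return false;
        }
        return $this->items[$key][0] += $value;   // expiry is left unchanged
    }
}

const MAX_FAILURES = 3;      // the "x times" of the question (assumed value)
const WINDOW_SECS  = 600;    // failures are counted over this window (assumed)
const BAN_SECS     = 3600;   // length of the ban (assumed)

/** Count one failed captcha for $ip; returns true when this failure triggers a ban. */
function record_captcha_failure($cache, string $ip): bool
{
    $key = 'captcha_fail:' . $ip;
    $cache->add($key, 0, 0, WINDOW_SECS);   // starts the window once, no-op afterwards
    $failures = $cache->increment($key);    // atomic on a real memcache server
    if ($failures !== false && $failures >= MAX_FAILURES) {
        $cache->set('captcha_ban:' . $ip, 1, 0, BAN_SECS);
        return true;
    }
    return false;
}

/** Cheap per-request check: one cache lookup, no SQL query. */
function is_banned($cache, string $ip): bool
{
    return $cache->get('captcha_ban:' . $ip) !== false;
}

// Constructed run: every web server would talk to the same cache instance.
$cache = new ArrayCache();
foreach ([1, 2, 3] as $attempt) {
    $banned = record_captcha_failure($cache, '203.0.113.7');
    echo "failure $attempt, ban triggered: ", var_export($banned, true), "\n";
}
echo 'offender banned: ', var_export(is_banned($cache, '203.0.113.7'), true), "\n";
echo 'other IP banned: ', var_export(is_banned($cache, '198.51.100.9'), true), "\n";

$cache->now += BAN_SECS + 1;   // time passes, the ban key expires by itself
echo 'banned after expiry: ', var_export(is_banned($cache, '203.0.113.7'), true), "\n";
```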



Re: [PHP] Error Reporting for file commands

2006-07-25 Thread Jon Anderson

You could try prefixing the unlink function call with an @:

if (file_exists($fn)) {
   @unlink($fn);
}

The @ should suppress any errors.

jon

James Nunnerley wrote:

We've created a file manager which allows users to access their web space on
a server.  It's working brilliantly, except that it would seem there are
some caching issues, either by the system cache or the web server cache that
are causing us a headache.

When the script tries to delete a file, we always check (using file_exists)
to see whether the file exists before it's deleted.

The check comes back true, but the unlink then fails, saying no file or
directory there!

We've tried turning off all errors (using error_reporting(0) ) but this
would seem to have little difference in the error - it still comes back with
a failure.

We are using our own error handling, but before the command is carried out,
there is this 0 call...

Does anyone know how we can stop these errors?

Cheers
Nunners

  





Re: [PHP] UTF-8 With content-type text/xml problem.

2006-07-21 Thread Jon Anderson

I'm somewhat new to this stuff as well, so take this with a grain of salt...

Someone else was hinting at this, but more directly, try running 
utf8_encode() on whatever part of your data that requires utf8 encoding. 
In the case of your example, you could just utf8_encode the test get 
variable. To extend your example a little:


header('Content-Type: text/xml; charset=utf-8');
print "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n";
print "<test>\n";
print " <origEncoding>" . mb_detect_encoding($_GET['test']) . "</origEncoding>\n";
print " <utf8data1>" . utf8_encode($_GET['test']) . "</utf8data1>\n";
print " <utf8data2>" . mb_convert_encoding($_GET['test'],'UTF-8') . "</utf8data2>\n";

print "</test>\n";

I tried this with: 會意字/会意字, which I stole from Wikipedia. I don't 
have a clue what it means.


jon

Mathijs wrote:

Hello ppl,

I have a big prob.

I have a page which post some input.
This input can be UTF-8 like chinese or other utf-8 chars.
Also i need it to return UTF-8 and it has to be xml.

For some strange reason this isn't working.

Small example.

PHP Code:
<?php
header('Content-Type: text/xml; charset=utf-8');
print '<?xml version="1.0" encoding="utf-8" ?>'."\n";
print '<test><data>'.$_GET['test'].'</data></test>'."\n";
?>

as GET var fill in something like ?test=éëêæ

This will break it..
Only Opera does a good job. Firefox and IE both can't handle it.
If i remove the header Firefox goes well.
IE Still can't handle it.

I Just need simple XML with UTF8 data.

PS:
This also breaks database saving, it doesn't save correct.
And i have mbstring installed.


Thx in advance.








Re: [PHP] Setting cookie on one domain for an other domain

2006-07-20 Thread Jon Anderson

AFAIK, this could be a security risk, so even if PHP would allow it 
(which it might - I don't know), there is a good chance most browsers 
would not. I certainly wouldn't count on being able to do so.


You could however use something like AJAX to do an asynchronous request 
to domain2, which would be allowed to set the domain2 cookie by virtue 
of actually being domain2.


jon

Peter Lauri wrote:

Best group member,

When a user does a specific action on domain1.com I want a cookie to be set
so that domain1.com and domain2.com can reach it. Ok, after reading the
manual for setcookie() I tried this:

setcookie("thevariable", "thevalue", time()+60*60*24*30, "/",
".domain1.com");

setcookie("thevariable", "thevalue", time()+60*60*24*30, "/",
".domain2.com");

However, I can not detect the cookie at domain2.com.

A solution would be to just make a redirect to the other domain where the
cookie is set and then return.

Question is: Can I not set a cookie at domain1.com to work at domain2.com?

Best regards,

Peter Lauri





Re: [PHP] User defined function problem

2006-07-18 Thread Jon Anderson

This would be the simplest work-around I can think of.

In your config script, wrap an if around your function call:

if (!function_exists('clean_sql')) {
    function clean_sql() {
        // ...
    }
}

jon

Stephen Lake wrote:

Hey Guys and Gals,

I am having a small problem with a user defined function, I placed it in a 
config file and it works as expected, but the problem seems to arise only 
when I try to use my login script for a members area I am redeveloping.


The error message that comes up is the following:

Fatal error: Cannot redeclare clean_sql() (previously declared in 
C:\Apache2\htdocs\braille\config.php:94) in 
C:\Apache2\htdocs\braille\config.php on line 108


The problem is it's claiming that I am trying to redeclare the function in 
the config file when there is only the original function.


I checked in other areas where this config file is being used and I do not 
get this error. Nor am I including other files that have the config included 
in them.


The problem is only in my login script. If anyone can give me a little 
insight into this error, it would be greatly appreciated.


Best Regards,
Steve 

  





Re: [PHP] User defined function problem

2006-07-18 Thread Jon Anderson
Oh, and the other obvious thing that I omitted would be to try using 
either the include_once() or require_once() functions wherever you 
include() or require() config.php.


jon

Stephen Lake wrote:

Hey Guys and Gals,

I am having a small problem with a user defined function, I placed it in a 
config file and it works as expected, but the problem seems to arise only 
when I try to use my login script for a members area I am redeveloping.


The error message that comes up is the following:

Fatal error: Cannot redeclare clean_sql() (previously declared in 
C:\Apache2\htdocs\braille\config.php:94) in 
C:\Apache2\htdocs\braille\config.php on line 108


The problem is it's claiming that I am trying to redeclare the function in 
the config file when there is only the original function.


I checked in other areas where this config file is being used and I do not 
get this error. Nor am I including other files that have the config included 
in them.


The problem is only in my login script. If anyone can give me a little 
insight into this error, it would be greatly appreciated.


Best Regards,
Steve 

  




