Re: [PHP] Friday's Question
Tedd Sperling t...@sperling.com wrote on 09/20/2013 10:51:49 AM: Do you use a Mousepad? [-snip-] Age: Bag Bomb Mousepad: Yes Padding for my wrist and quieter moving the mouse around - no scraping. So yes, I'm even too old to be plugged into an iPud or an iPeed, whatever they are :) Kirk
[PHP] PHP: superior code quality
A little note about our favorite language: Linux 2.6, PHP 5.3, and PostgreSQL 9.1 are recognized as open source projects with superior code quality and can be used as industry benchmarks, achieving defect densities of .62, .20, and .21 respectively. http://www.coverity.com/html/press/open-source-code-quality-on-par-with-proprietary-code-in-2011-coverity-scan-report.html Kirk
Re: [PHP] Do an LDAP Password Modify Extended Operation?
Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012
07:25:36 PM:
[image removed]
Re: [PHP] Do an LDAP Password Modify Extended Operation?
Mike Mackintosh
to:
Kirk.Johnson, PHP General List
02/17/2012 07:26 PM
On Feb 17, 2012, at 3:34 PM, kirk.john...@zootweb.com wrote:
Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012
12:36:06 PM:
On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote:
Is it possible to do an LDAP Password Modify Extended Operation, as
specified in RFC 3062? The password hashing scheme in the LDAP
directory I
am working with may change periodically, so it is my understanding
that I
can't hash a new password according to a specific scheme, e.g.,
{SHA},
on
my side. Instead, I should use an Extended Operation and let the
directory
do the hashing. Is that correct? The help page for ldap_set_option
suggests that it might be possible, but I sure can't find any
example
code
anywhere.
TIA
Kirk
I have an example of this on my lab box at home. I noticed issues
depending on if the requesting application was Linux or windows due
to the different Linux LDAP libraries.
When I get home I'll forward you the example of what I have so far
Woohoo! Extended Operation doesn't seem to be a practice that is in
wide-spread use. Looking forward to what you've come up with. Thanks.
Kirk,
What i've been trying to do, is revive the patch i found here:
http://www.mail-archive.com/internals@lists.php.net/msg19665.html
It provides a lot of the functionality that you can only imagine and
more, but it fails against versions 5.3.x.
I sent an email to the original maintainer, Pierangelo, but have not
received a response yet on that status of maintenance.
Do you use OpenLDAP? I am not sure if it built, if it would support AD
or not.
Mike Mackintosh
PHP, the drug of choice - www.highonphp.com
Had a nice 3-day weekend ;)
Yes, using OpenLDAP 2.x. I found the same Internals email thread from
Pierangelo.
Looking at Example #2 in the documentation for ldap_set_option, it appears
that exop's might be supported, since the example uses an OID. Did you
play around with the LDAP_OPT_SERVER_CONTROLS option at all, or am I
completely off track there?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Do an LDAP Password Modify Extended Operation?
Is it possible to do an LDAP Password Modify Extended Operation, as
specified in RFC 3062? The password hashing scheme in the LDAP directory I
am working with may change periodically, so it is my understanding that I
can't hash a new password according to a specific scheme, e.g., {SHA}, on
my side. Instead, I should use an Extended Operation and let the directory
do the hashing. Is that correct? The help page for ldap_set_option
suggests that it might be possible, but I sure can't find any example code
anywhere.
TIA
Kirk
Re: [PHP] Do an LDAP Password Modify Extended Operation?
Mike Mackintosh mike.mackint...@angrystatic.com wrote on 02/17/2012
12:36:06 PM:
On Feb 17, 2012, at 10:57, kirk.john...@zootweb.com wrote:
Is it possible to do an LDAP Password Modify Extended Operation, as
specified in RFC 3062? The password hashing scheme in the LDAP
directory I
am working with may change periodically, so it is my understanding
that I
can't hash a new password according to a specific scheme, e.g., {SHA},
on
my side. Instead, I should use an Extended Operation and let the
directory
do the hashing. Is that correct? The help page for ldap_set_option
suggests that it might be possible, but I sure can't find any example
code
anywhere.
TIA
Kirk
I have an example of this on my lab box at home. I noticed issues
depending on if the requesting application was Linux or windows due
to the different Linux LDAP libraries.
When I get home I'll forward you the example of what I have so far
Woohoo! Extended Operation doesn't seem to be a practice that is in
wide-spread use. Looking forward to what you've come up with. Thanks.
[PHP] When will the ereg extension be removed from PHP?
All, The ereg extension was deprecated as of version 5.3.0. Does anyone know what the schedule is for removing it completely? Thanks. Kirk
Re: [PHP] When will the ereg extension be removed from PHP?
kirk.john...@zootweb.com wrote on 01/17/2012 09:59:43 AM: The ereg extension was deprecated as of version 5.3.0. Does anyone know what the schedule is for removing it completely? Answering my own question, it looks like not before 6.0: http://marc.info/?l=php-internalsm=132618195307998w=2 Sorry for the static :) Kirk
Re: [PHP] $_POST vars
Nathan Nobbe quickshif...@gmail.com wrote on 04/13/2011 12:47:11 PM: [much snippage] no, it's actually a better practice. users are expected to populate arrays they create. the $GLOBALS array is expected to be populated by user scripts. The $_POST array is expected to be populated by PHP. by the time you've decided to stuff variables into $_GET or $_POST yourself you've decided to start mixing variables from your code with variables from the client. simply put these arrays are not intended to be populated by user scripts. I like Chris Shiflett's approach, which emphasizes security. Step 1 with posted (tainted) data is to sanitize it. Clean values are then moved from $_GET/$_POST into a new array, e.g., $CLEAN, so that it is immediately clear to code reviewers, future support programmers, etc., that the data is now clean and safe to use. With this approach, $_POST is only used at Step 1 and then disappears from the remaining code; $CLEAN is used in subsequent steps. Using $_POST out in the middle of nowhere *looks* like it could be a security flaw, whether it actually is or isn't. And you know how Joel Spolsky feels about code that *looks* like it could be an error ;) But, yes, you can use $_POST just like any other array. Not a practice I prefer, but YMMV. Kirk
RE: [PHP] php processing name vs. id field
Bob McConnell r...@cbord.com wrote on 07/02/2010 08:53:30 AM: Arguments against using/dismissing the name attribute in tags is simply nonsense. This discussion began when I pointed out that the name attribute is deprecated in XHTML. This was later confirmed when someone pointed to the actual specification at http://www.w3.org/TR/xhtml1/, however there may be some confusion about the scope of the change. The applicable section is shown below. Apparently HTML 5 is planning to take a different path. Of course, nobody knows that for sure since the spec is far from complete and will likely be undergoing major changes for several more years. Bob McConnell -8 4.10. The elements with 'id' and 'name' attributes HTML 4 defined the name attribute for the elements a, applet, form, frame, iframe, img, and map. HTML 4 also introduced the id attribute. Both of these attributes are designed to be used as fragment identifiers. In XML, fragment identifiers are of type ID, and there can only be a single attribute of type ID per element. Therefore, in XHTML 1.0 the id attribute is defined to be of type ID. In order to ensure that XHTML 1.0 documents are well-structured XML documents, XHTML 1.0 documents MUST use the id attribute when defining fragment identifiers on the elements listed above. See the HTML Compatibility Guidelines for information on ensuring such anchors are backward compatible when serving XHTML documents as media type text/html. Note that in XHTML 1.0, the name attribute of these elements is formally deprecated, and will be removed in a subsequent version of XHTML. At the risk of injecting a little light into this discussion ;) note the list of elements in the excerpt Bob provided: a, applet, form, frame, iframe, img, and map. Almost all replies to date have referred to the name attribute of the *form elements*: input, select, and textarea. Two different sets of elements. As far as I am concerned, the authorities are free to remove the name attribute from the first set. I think it is safe to say that the name attribute will not be removed from the *form elements* anytime soon. For all with a holiday coming up this weekend, have a good one! Kirk
Re: [PHP] a trivial little function (PostToHost)
tedd tedd.sperl...@gmail.com wrote on 10/05/2009 01:44:00 PM: [snip] Hi Kirk: Okay, but what specifically is that script? I have written a script at server B to print_r($_POST), but I don't get anything other than log errors (see below*). Here's an example: http://www.webbytedd.com/aa/send-form/index.php You can enter anything into the webbytedd.com form (Server A) and click submit, but the php1.net form (Server B) won't show anything -- what am I doing wrong? Cheers, tedd * Log errors: [05-Oct-2009 15:08:54] PHP Warning: PHP Startup: mm_create(0, /session_mm_cgi-fcgi522) failed, err mm:core: failed to open semaphore file (Permission denied) in Unknown on line 0 I am not familiar with this PHP error. Was this on server B? With PHP Startup in the error message, it looks like a setup problem on server B, rather than being related to the PostToHost operation. Once that error is cleared up, start simple for the PostToHost piece. Just have the script on server B return hello,world!, then echo out that response in the script on server A. The PostToHost function you found is correct. Make sure you are passing in valid arguments, so that you end up with a valid HTTP POST message. Kirk
Re: [PHP] a trivial little function (PostToHost)
tedd tedd.sperl...@gmail.com wrote on 10/04/2009 08:51:13 AM:
[PHP] a trivial little function (PostToHost)
tedd
to:
php-general
10/04/2009 09:05 AM
Hi gang:
The following 'trivial little' function I'm trying to get my head
around:
http://aspn.activestate.com/ASPN/Mail/Message/php-general/1259426
The article states:
Either way, just generate your XML string and fire it at the remote
machine. You will need to write code to handle the response, obviously.
Okay, so how does one handle the response? I understand that one
should have the script at host A sending data to host B, but I can't
seem to get it to work. Does anyone have an example that works?
My confusion here -- is the data sent by the function at host A
accessible by host B via a POST, or does it write to a writable file,
or what?
Any help would be appreciated.
Cheers,
tedd
Yes, this is just a standard HTTP POST, just like what a browser does when
you click a submit button. So, there needs to be a script that handles a
standard POST on server B. It will send whatever response it is designed
to. Just think of server A as a browser submitting a form and server B is
you writing a PHP script to handle the form submission :)
Typically, I write the fgets line a little differently. Instead of:
while(!feof($fp)) {
echo fgets($fp, 128);
}
I use:
$response = '';
while(!feof($fp)) {
$response .= fgets($fp, 128);
}
// parse the response and do something
Kirk
Re: [PHP] POST without POSTing
Paul M Foster pa...@quillandmouse.com wrote on 09/30/2009 09:29:17 PM: [PHP] POST without POSTing Paul M Foster to: php-general 09/30/2009 09:31 PM I have a form that collects certain info via POST. It is re-entrant, so when the user hits the submit button, it checks the input and does whatever sanity checks it needs to. If all is okay, it must now pass some of that info to another URL (offsite) via POST. Normally, the information would be passed via a series of GET variables or SESSION variables. But in this case the site the user is being directed to must receive the information via POST. Google posttohost rasmus. It's a classic from the Master at the turn of the century ;) Kirk
Re: [PHP] modifying within foreach
Andres Gonzalez and...@packetstorm.com wrote on 06/23/2009 12:26:38 PM: I want to modify $results within the foreach. In other words, during a given pass of this iteration, I want to delete some of the items based on particular conditions. Then on the next pass thru the foreach, I want $results to be the newer, modified array. This does not seem to work. It appears that the foreach statement is implemented such that $results is read into memory at the start so that any modifications I make to it during a given pass, are ignored on the next pass. Is this true? foreach works on a copy of an array, so the behavior you saw is expected. See the online manual. You could use a while loop, or, instead of unset-ing elements of $results, store the elements you want to keep into a new array. Kirk
Re: [PHP] Re: Can someone tell me why this is not working?
[PHP] Re: Can someone tell me why this is not working?
The center echo does not show. It will show if I replace $newmort
with
anything else. I have copied the first if statement,pasted it in
the
second position, and it works fine. Once I change the var to
$newmort, it
will not show. The third echo shows fine, it is only if I use newmort.
I
have renamed the var from mort1, because I was getting the same thing.
$newmort=STRIPSLASHES($_POST['newmort']);
$purchprice=STRIPSLASHES($_POST['purchprice']);
$howlong=STRIPSLASHES($_POST['howlong']);
if ($purchprice) {
echo Purchase Price:$ $purchpricebr /;
}
if ($newmort) {
echo Mortgage Amount:$ $newmortbr /;
}
if ($howlong) {
echo How Long has seller owned property: $howlongbr /br /;
Echo out the value of $newmort just above the if statement. If it is
zero or blank, the if will evaluate to false.
Is there a second form field named newmort lower on the page? If so, it
will be the value of $_POST['newmort'] that you receive in the post.
Kirk
Re: [PHP] PHP Security
On Jun 2, 2009, at 17:26, Grant Peel gp...@thenetnow.com wrote: I am currently setting up the next generation web server for our company and am in need of general consulting/advice on php set up security issues. For general considerations, start here: http://www.php.net/manual/en/security.general.php Kirk
Re: [PHP] Trying To Read - Show A Csv File Line By Line
revDAVE c...@hosting4days.com wrote on 03/20/2009 03:11:00 PM: Newbie ... I'm trying to Trying to read / show a csv file line by line ... fgetcsv is your friend. http://us.php.net/manual/en/function.fgetcsv.php Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] switch vs elseif
I regret that I don't recall who made the brilliant observation that programmers spend the majority of their time *reading* code (their own or others) as opposed to *writing* code. So, I make it a point to try to make my code easily scannable. I only and always use the switch construct when evaluating the value of a single variable. The switch then tells me that at a glance when I'm reading code, and I don't have to plow through a bunch of elseif clauses to get the big picture of what the code is doing. The bottom line for me on this issue is the bottom line - productivity. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Since I speak with some of you more than people I see in person....
And as a side note (some of you already know): for my wife and I closing out the year, we heard the heartbeat of our first child for the first time today in the ultrasound. Congrats on the new critter to be...they are a lot of fun after the first year of eating sleeping and pooping ;-) -- Bastien Don't forget the crying right before the pooping . . . ;) Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] quick php for perl coder question
Thomas Bolioli [EMAIL PROTECTED] wrote on 09/11/2008 01:10:18 PM: I want to return an array from a function. I have this: return array($found, $username, $email, $nickname); as my code. I have a bug in the code and I am not sure where yet. Should the above statement with this: array($vars); $vars = function($type, $abc, $xyz); $found = $vars[0]; $username = $vars[1]; $email = $vars[2]; $nickname = $vars[3]; on the other end work? If so, then the bug is somewhere else. You probably want: $vars = array(); instead of: array($vars); which will throw an undefined variable error (if error reporting is turned up), but otherwise, yes, that should work. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Floats and avoid exponential notation - How?
k bah [EMAIL PROTECTED] wrote on 07/17/2008 05:23:40 AM:
Hi,
From http://www.php.net/manual/en/language.types.float.php (second
comment in
that page, from kjohnson at zootweb dot com):
PHP switches from the standard decimal notation to exponential notation
for
certain special floats.
I have the same problem. I have a big number I have to represent, it's
usually 1 followed by 10 zeros, the biggest value I'll
have for it is 199, never more than this. I only make one
operation
with it, (+), most of the time I need that number as a
string, and never need it's float representation, only the absolute
value (in
fact, it's never going to have a fractional part). I
cannot use integers because it's bigger than the integer range.
If it goes to it's exponential representation, breaks my code. Users
are
identified by that number.
So, any suggestions/thoughts?
Is there a way to prevent php from using the exponential notation for a
float?
I don't know of any way to modify PHP's behavior with regard to this.
That's not to say there isn't a way, but I don't know of one.
This might be a brute force way to address it. You'll want to add
additional checks so you don't end up in any infinite loops. You should
definitely test with larger numbers in the range that you are actuallly
using. Hope this gets you what you need:
// example: one of the special ones, prints in exponential notation,
1.4E+6
$num = 140.;
if(strstr($num, 'E')) {
echo yep, exp notationbr;
list($significand, $exp) = explode('E', $num);
list($void, $decimal) = explode('.', $significand);
$decimal_len = strlen($decimal);
$exp = str_replace('+', '', $exp);
$exp -= $decimal_len;
$append = '';
for($i = 1; $i = $exp; $i++) {
$append .= '0';
}
$tmp = str_replace('.', '', $significand);
$reconsctructed = $tmp . $append;
echo 'prereconstructed: ', $reconsctructed, '/pre';
}
kjohnson at zootweb dot com :)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Binary data in $_POST, not in $_FILES, why?
Jim Feniello [EMAIL PROTECTED] wrote on 06/16/2008 03:16:02 PM: Anyone know if PHP keys off the content-disposition for form pre-processing to populate the $_FILES array? I believe that the $_FILES array is only populated when the form tag contains 'enctype=multipart/form-data' and there is an input field of type file in the form, but I am not going to guarantee that ;) Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Quarters -- ERRORS --
tedd [EMAIL PROTECTED] wrote on 04/11/2008 02:49:21 PM:
But the critter is dead in the water for all versions of IE -- if --
I don't figure out a way around the following single statement.
document.getElementById(id).checked = true;
After reading a bunch, it seems that M$ has a better way to do things
(big surprise there, huh?) and thus does not use the
document.getElementById(id) thing that everyone else in the world
uses. Instead, they use something better and it's not documented
well as is typical.
So, what I need is:
if (document.getElementById)
{
document.getElementById(id).checked = true;
}
else
{
inset solution here.
}
The Javascript code below, using either Method 1 or Method 2, works fine
in IE 7. Have you tried running it in Firefox with the error console open?
I am wondering if there isn't a minor syntax error somewhere.
Kirk
htmlheadtitle/title
script type=text/javascript
function checkme() {
// Method 1 - works fine in IE 7
// if(document.forms[0].test.checked) {
//document.forms[0].test.checked = false;
// }
// else {
//document.forms[0].test.checked = true; // }
// }
// Method 2 - works fine in IE 7
if(document.getElementById('test').checked) {
document.getElementById('test').checked = false;
} else {
document.getElementById('test').checked = true;
}
}
/script
/head
body
form action= method=post
input type=checkbox name=test id=test onmouseover=checkme();
Mouse Me
/form
/body/head/html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Beware of round() function
On Mon, 24 Mar 2008 13:10:17 -0600, [EMAIL PROTECTED] wrote:
Beware: round() apparently has changed its behavior from PHP 4. For
certain special numbers that seem to be multiples of 100,000, the
return
value is in exponential format, rather than the usual decimal format.
Some
of these special values are 120, 140, 230, which are
returned
as 1.2E+6, 1.4E+6, etc. You can generate your own list of these
special
numbers using this code:
?php
for( $tmp = 0, $i = 0; $i 100; $i++ ) {
$tmp += 10;
echo round($tmp),\n;
}
?
I now have a list of 3 ways this change in behavior can bite you and
result in a failed transaction. In the examples below, assume that the
value passed to round() is '120', so that the value returned from
round() is '1.2E+6'.
1. When interpolating the value into xml, resulting in an xsd validation
error:
?
$xml = 'AnnualIncome' . round($income) . '/AnnualIncome';
?
2. When validating user input, resulting in a false positive:
?
if(!ereg(^[0-9]{1,10}$, round($_POST['income']))) {
$errors .= liIncome should be whole dollars only (10 digits
max)./li;
}
?
3. When interpolating a value into a stored procedure call, resulting in a
type mismatch between the value passed in and the database column data
type (which is likely decimal for a monetary value):
?
$sql = exec update_loan_financials
@application_id='$appID',
@total_debt= . round($totalDebt);
?
BTW, a previous poster pointed out that this is a change in behavior of
the float type, in general, not of the round() function, in particular.
If you care.
I don't. I just know I have broken code to fix and customers to apologize
to.
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Beware of round() function
Thanks for the info, Jeremy. Regardless of the technical details, my code still broke. I am little discouraged that an operation that should be so simple has these sorts of gotchas. BTW, I ended up casting to int as my solution. Kirk Jeremy Privett [EMAIL PROTECTED] wrote on 03/24/2008 02:04:48 PM: Jeremy Privett wrote: [EMAIL PROTECTED] wrote: Beware: round() apparently has changed its behavior from PHP 4. This is actually a change in the behavior of the float type, not the round function. Replace your round() with a cast to float and you'll see the exact same result. Also, as a side-note, the only way I've found to get these numbers to print properly is through either printf or sprintf. Also, you could cast back to an integer, if you explicitly don't need floats. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Beware of round() function
Beware: round() apparently has changed its behavior from PHP 4. For
certain special numbers that seem to be multiples of 100,000, the return
value is in exponential format, rather than the usual decimal format. Some
of these special values are 120, 140, 230, which are returned
as 1.2E+6, 1.4E+6, etc. You can generate your own list of these special
numbers using this code:
?php
for( $tmp = 0, $i = 0; $i 100; $i++ ) {
$tmp += 10;
echo round($tmp),\n;
}
?
The exponential format is fine as long as the number is only used
internally to PHP. However, we have found two cases so far where the
exponential format has caused errors resulting in failed transactions.
One, if you interpolate a value in exponential format into xml, as in this
example, then you will likely end up with an xsd validation error and a
failed transaction:
'AnnualIncome' . round($income) . '/AnnualIncome'
Two, if you have field validation code like below, this will falsely
indicate an error when the consumer enters one of the special values for
income, e.g., 120, which is returned as 1.2E+6:
if(!ereg(^[0-9]{1,10}$, round($_POST['income']))) {
$errors .= liIncome should be whole dollars only (10 digits
max)./li;
}
Needless to say, not a good user experience.
I reported this as a bug to the PHP dev team, but it was rejected.
Regardless of what it is, it will bite you if you're not careful.
http://bugs.php.net/?id=44223edit=2
- Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Need help interpreting server log entries
We are seeing this message in our server logs with respect to one of our internal extensions. What is the meaning of Overrun in this context? acd-result.c(114) : Block 0x0816D12C status: Beginning: Overrun (magic=0x0021, expected=0x7312F8DC) End: Unknown TIA Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php / JS / DOM question
Add the value property: document.forms['query_form'].elements['q']
.value.
Kirk
jonathan [EMAIL PROTECTED] wrote on 12/29/2005 02:45:23 PM:
form name=query_form
input type=text name=q/input
input type=button onclick=drawImg('A',document.forms
['query_form'].elements['q']); value=Search/input
/form
When the user clicks on the button, I want the text that is in input
elment 'q' to be sent to the Javascript function drawImg but when I
debug it via alerts, it appears to be NULL.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is PHP the language for me???
Emily McCall [EMAIL PROTECTED] wrote on 09/23/2005 03:07:39 PM: I am trying to figure out whether php will help me to set up a website which is essentially just links to donwloadable material. Emily, you certainly came to the right place to get an endorsement of PHP ;) Yes. PHP will handle your task nicely, and IMHO, it is the easiest language to learn and use for dynamic web programming. Dig in and enjoy! Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session.gc_maxlifetime
Also, I thought you could use ini_set to change your php.ini configuration for your current script. But I could be wrong... Did I miss read the manual? ini_set() can be used to change *some* settings. Some items that are configured in php.ini come into play before the script is parsed, and so ini_set() can't affect those. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session expires randomly
So I was thinking on implementing some sort of automatic session
refresh
after a short period, let's say every 20 minutes of inactivity.
And of course I should provide the users with a manual way to make
session end, sort of a logout from the application.( no problem with
that)
My question is:
Is there a way to set sort of a timer as to invoke an
hipothetical
refresh_session.php without reloading the current page on the
client?
Thanks
Mauricio.
Below is some code, in four parts, to do this with JavaScript's
setTimeout() function. Since it is JavaScript, this will not work in
browsers that don't support JavaScript or browsers in which the user has
disabled JavaScript. Good luck!
Kirk
/* Part 1: Add this script to your page. */
// After 14 minutes on a single page a new window is opened, warning the
// user that their session is about to expire. The user can then choose
// to continue or end their session by pushing a button. The pop-window
// will kill all Session info, redirect the main window to the
// login page, and then close itself if the user decides to end the
// session or, if after 58 seconds, the user has taken no action.
script
// 84 ms = 14 minutes
setTimeout('sessionPop()', 84);
/script
/* Part 2: Have this JS function defined somewhere accessible by your page
*/
// function sessionPop()
// called by setTimeout function in ./include/footer.inc
// Does the following
// 1. Open new window
// 2. Write the HTML to the window. It is done this way so that there is
no trip
// to the server which could result in the Session being refreshed.
function sessionPop() {
x = window.open('', 'check', 'height=200, width=400, titlebar=yes,
status=no, toolbar=no, menubar=no, location=no, resizable=yes,
scrollbars=no');
x.document.write('htmlheadtitleSession About To
Expire/title/headbodyimg src=./images/some_logo.gif width=58
height=50pDo you want to extend your session?form
action=logout.php method=post name=refreshSess
id=refreshSessinput type=submit name=sessionRefresh value=Yes.
Extend Sessionnbsp;nbsp;input type=button value=No. Logout
onClick=window.opener.location = \'logout.php\';
window.close();/form/bodyscriptfunction timeOut()
{window.opener.location = logout.php; window.close();}
setTimeout(timeOut(), 58000);/script/html');
// Need to reset the timer so the user will continue
// to get the pop-up when they choose to extend the session
// 84 ms = 14 minutes
setTimeout('sessionPop()', 84);
/* Part 3: Here is the content of logout.php */
?
/*
logout.php is the handler for the form POST from the pop-up window
generated by the javascript function 'sessionPop()' contained in
./include/jsFunctions.js.
logout.php can also be arrived at from redirection due to a Session
Timout on any application page.
*/
// sessionRefresh is the submit button to continue the Session.
// If we get sessionRefresh in the POST close the window. POSTing
// to the page keeps the Session alive.
// Otherwise, this page has been reloaded from a redirect so kill
// all Session info and redirect to home page.
if (!$HTTP_POST_VARS[sessionRefresh]) {
// Kill all current session info
kill_session();
header(Location: $someURL);
} else {
?
html
head
title /title
script language=JavaScript
!--
window.close();
//--
/script
/head
body
/body
/html
/* Part 4: Here is the definition of PHP function kill_session() */
function kill_session()
{
$name = session_name();
session_unset();
session_destroy();
setcookie($name, '', (time() - 2592000), '/', '', 0);
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session expires randomly
On Fri, 2 Sep 2005, Mauricio Pellegrini wrote: Hi, I have this problem , When I start a Session everything seems to be ok but sometimes with no reason the session vanishes. All settings are default , I mean session_cache_expire is 180 min. I understand that this setting should make sessions last for at least 3 hours but in my case it seems not to be true since the real duration varies from 20 minutes to an hour I think the parameter you need to look at in php.ini is session.gc_maxlifetime. It sets the session lifetime, not session_cache_expire. The default lifetime is probably 1440 seconds, roughly 20 minutes, so the behavior you are seeing is completely normal - it's all working as it should. Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
